diff options
Diffstat (limited to 'src/include/k5-int.h')
-rw-r--r-- | src/include/k5-int.h | 173 |
1 files changed, 154 insertions, 19 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index db82e02..fa8824c 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -34,6 +34,33 @@ * documentation shall at all times remain with M.I.T., and USER agrees to * preserve same. */ + +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + /* * This prototype for k5-int.h (Krb5 internals include file) * includes the user-visible definitions from krb5.h and then @@ -152,6 +179,8 @@ typedef unsigned char u_char; #define labs(x) abs(x) #endif +/* #define KRB5_OLD_CRYPTO is done in krb5.h */ + #endif /* KRB5_CONFIG__ */ /* @@ -500,11 +529,125 @@ void krb5_os_free_context krb5_error_code krb5_find_config_files KRB5_PROTOTYPE(()); +#endif /* KRB5_LIBOS_PROTO__ */ + +/* new encryption provider api */ + +struct krb5_enc_provider { + void (*block_size) KRB5_NPROTOTYPE + ((size_t *output)); + + /* keybytes is the input size to make_key; + keylength is the output size */ + void (*keysize) KRB5_NPROTOTYPE + ((size_t *keybytes, size_t *keylength)); + + /* ivec == 0 is an all-zeros ivec */ + krb5_error_code (*encrypt) KRB5_NPROTOTYPE + ((krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec, + krb5_const krb5_data *input, krb5_data *output)); + + krb5_error_code (*decrypt) KRB5_NPROTOTYPE + ((krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec, + krb5_const krb5_data *input, krb5_data *output)); + + krb5_error_code (*make_key) KRB5_NPROTOTYPE + ((krb5_const krb5_data *randombits, krb5_keyblock *key)); +}; + +struct krb5_hash_provider { + void (*hash_size) KRB5_NPROTOTYPE + ((size_t *output)); + + void (*block_size) KRB5_NPROTOTYPE + ((size_t *output)); + + /* this takes multiple inputs to avoid lots of copying. */ + krb5_error_code (*hash) KRB5_NPROTOTYPE + ((unsigned int icount, krb5_const krb5_data *input, krb5_data *output)); +}; + +struct krb5_keyhash_provider { + void (*hash_size) KRB5_NPROTOTYPE + ((size_t *output)); + + krb5_error_code (*hash) KRB5_NPROTOTYPE + ((krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec, + krb5_const krb5_data *input, krb5_data *output)); + + krb5_error_code (*verify) KRB5_NPROTOTYPE + ((krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec, + krb5_const krb5_data *input, krb5_const krb5_data *hash, + krb5_boolean *valid)); +}; + +typedef void (*krb5_encrypt_length_func) KRB5_NPROTOTYPE +((krb5_const struct krb5_enc_provider *enc, + krb5_const struct krb5_hash_provider *hash, + size_t inputlen, size_t *length)); + +typedef krb5_error_code (*krb5_crypt_func) KRB5_NPROTOTYPE +((krb5_const struct krb5_enc_provider *enc, + krb5_const struct krb5_hash_provider *hash, + krb5_const krb5_keyblock *key, krb5_keyusage usage, + krb5_const krb5_data *ivec, + krb5_const krb5_data *input, krb5_data *output)); + +typedef krb5_error_code (*krb5_str2key_func) KRB5_NPROTOTYPE +((krb5_const struct krb5_enc_provider *enc, krb5_const krb5_data *string, + krb5_const krb5_data *salt, krb5_keyblock *key)); + +struct krb5_keytypes { + krb5_enctype etype; + char *in_string; + char *out_string; + struct krb5_enc_provider *enc; + struct krb5_hash_provider *hash; + krb5_encrypt_length_func encrypt_len; + krb5_crypt_func encrypt; + krb5_crypt_func decrypt; + krb5_str2key_func str2key; +}; + +struct krb5_cksumtypes { + krb5_cksumtype ctype; + unsigned int flags; + char *in_string; + char *out_string; + /* if the hash is keyed, this is the etype it is keyed with. + Actually, it can be keyed by any etype which has the same + enc_provider as the specified etype. DERIVE checksums can + be keyed with any valid etype. */ + krb5_enctype keyed_etype; + /* I can't statically initialize a union, so I'm just going to use + two pointers here. The keyhash is used if non-NULL. If NULL, + then HMAC/hash with derived keys is used if the relevant flag + is set. Otherwise, a non-keyed hash is computed. This is all + kind of messy, but so is the krb5 api. */ + struct krb5_keyhash_provider *keyhash; + struct krb5_hash_provider *hash; +}; + +#define KRB5_CKSUMFLAG_DERIVE 0x0001 +#define KRB5_CKSUMFLAG_NOT_COLL_PROOF 0x0002 /* - * in here to deal with stuff from lib/crypto/os + * in here to deal with stuff from lib/crypto */ +void krb5_nfold +KRB5_PROTOTYPE((int inbits, krb5_const unsigned char *in, + int outbits, unsigned char *out)); + +krb5_error_code krb5_hmac +KRB5_PROTOTYPE((krb5_const struct krb5_hash_provider *hash, + krb5_const krb5_keyblock *key, unsigned int icount, + krb5_const krb5_data *input, krb5_data *output)); + + +#ifdef KRB5_OLD_CRYPTO +/* old provider api */ + typedef struct _krb5_cryptosystem_entry { krb5_magic magic; krb5_error_code (*encrypt_func) KRB5_NPROTOTYPE(( krb5_const_pointer /* in */, @@ -573,23 +716,6 @@ typedef struct _krb5_checksum_entry { unsigned int uses_key:1; } krb5_checksum_entry; - -/* This array is indexed by encryption type */ -extern krb5_cs_table_entry * NEAR krb5_csarray[]; -extern int krb5_max_cryptosystem; - -/* This array is indexed by key type */ -extern krb5_cs_table_entry * NEAR krb5_enctype_array[]; -extern krb5_enctype krb5_max_enctype; - -/* This array is indexed by checksum type */ -extern krb5_checksum_entry * NEAR krb5_cksumarray[]; -extern krb5_cksumtype krb5_max_cksum; - -KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_random_confounder - KRB5_PROTOTYPE((size_t, - krb5_pointer )); - krb5_error_code krb5_crypto_os_localaddr KRB5_PROTOTYPE((krb5_address ***)); @@ -599,7 +725,15 @@ krb5_error_code krb5_crypto_us_timeofday time_t gmt_mktime KRB5_PROTOTYPE((struct tm *)); -#endif /* KRB5_LIBOS_PROTO__ */ +#endif /* KRB5_OLD_CRYPTO */ + +/* this helper fct is in libkrb5, but it makes sense declared here. */ + +krb5_error_code krb5_encrypt_helper +KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_keyblock *key, + krb5_keyusage usage, krb5_const krb5_data *plain, + krb5_enc_data *cipher)); + /* * End "los-proto.h" */ @@ -1201,6 +1335,7 @@ krb5_error_code krb5_encode_kdc_rep KRB5_PROTOTYPE((krb5_context, krb5_const krb5_msgtype, krb5_const krb5_enc_kdc_rep_part *, + int using_subkey, krb5_const krb5_keyblock *, krb5_kdc_rep *, krb5_data ** )); |