svn rev #24212: branches/ krb5-1-8-nss/src/ krb5-1-8-nss/src/lib/crypto/ krb5-1-8-nss/src/lib/crypto/crypto_tests/ ...
relyea@MIT.EDU
relyea at MIT.EDU
Mon Jul 26 17:28:50 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24212
Commit By: relyea
Log Message:
Add NSS as a crypto provider.
Changed Files:
A branches/krb5-1-8-nss/
U branches/krb5-1-8-nss/src/configure.in
U branches/krb5-1-8-nss/src/lib/crypto/Makefile.in
U branches/krb5-1-8-nss/src/lib/crypto/crypto_tests/t_encrypt.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/
A branches/krb5-1-8-nss/src/lib/crypto/nss/Makefile.in
A branches/krb5-1-8-nss/src/lib/crypto/nss/aes/
A branches/krb5-1-8-nss/src/lib/crypto/nss/aes/Makefile.in
A branches/krb5-1-8-nss/src/lib/crypto/nss/aes/deps
A branches/krb5-1-8-nss/src/lib/crypto/nss/deps
A branches/krb5-1-8-nss/src/lib/crypto/nss/des/
A branches/krb5-1-8-nss/src/lib/crypto/nss/des/Makefile.in
A branches/krb5-1-8-nss/src/lib/crypto/nss/des/deps
A branches/krb5-1-8-nss/src/lib/crypto/nss/des/des_int.h
A branches/krb5-1-8-nss/src/lib/crypto/nss/des/des_oldapis.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/des/f_parity.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/des/string2key.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/des/weak_key.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/
A branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/Makefile.in
A branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/aes.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/deps
A branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/des.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/des3.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/enc_gen.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/enc_provider.h
A branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/rc4.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/
A branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/Makefile.in
A branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/deps
A branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_crc32.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_gen.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_gen.h
A branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_md4.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_md5.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_provider.h
A branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_sha1.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/hmac.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/md4/
A branches/krb5-1-8-nss/src/lib/crypto/nss/md4/ISSUES
A branches/krb5-1-8-nss/src/lib/crypto/nss/md4/Makefile.in
A branches/krb5-1-8-nss/src/lib/crypto/nss/md4/deps
A branches/krb5-1-8-nss/src/lib/crypto/nss/md4/md4.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/md4/rsa-md4.h
A branches/krb5-1-8-nss/src/lib/crypto/nss/md5/
A branches/krb5-1-8-nss/src/lib/crypto/nss/md5/Makefile.in
A branches/krb5-1-8-nss/src/lib/crypto/nss/md5/deps
A branches/krb5-1-8-nss/src/lib/crypto/nss/md5/md5.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/md5/rsa-md5.h
A branches/krb5-1-8-nss/src/lib/crypto/nss/nss_gen.h
A branches/krb5-1-8-nss/src/lib/crypto/nss/pbkdf2.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/
A branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/Makefile.in
A branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/deps
A branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/shs.c
A branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/shs.h
A branches/krb5-1-8-nss/src/lib/crypto/nss/yhash.h
Modified: branches/krb5-1-8-nss/src/configure.in
===================================================================
--- tags/krb5-1-8-final/src/configure.in 2010-06-26 17:37:20 UTC (rev 24148)
+++ branches/krb5-1-8-nss/src/configure.in 2010-07-26 21:28:49 UTC (rev 24212)
@@ -125,6 +125,28 @@
], withval=builtin)
AC_CONFIG_COMMANDS(CRYPTO_IMPL, , CRYPTO_IMPL=$CRYPTO_IMPL)
AC_SUBST(CRYPTO_IMPL)
+#PKG_CHECK_MODULES(CRYPTO_IMPL, $CRYPTO_IMPL, [ withval != builtin ], )
+case "$withval" in
+openssl)
+ AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
+ CRYPTO_IMPL_LIBS=
+ CRYPTO_IMPL_CFLAGS=
+ ;;
+builtin)
+ CRYPTO_IMPL_LIBS=
+ CRYPTO_IMPL_CFLAGS=
+ ;;
+nss)
+ CRYPTO_IMPL_CFLAGS=`pkg-config --cflags $CRYPTO_IMPL`
+ CRYPTO_IMPL_LIBS="-lnss3 $(pkg-config --libs nss-util)"
+ ;;
+*)
+ CRYPTO_IMPL_CFLAGS=`pkg-config --cflags $CRYPTO_IMPL`
+ CRYPTO_IMPL_LIBS=`pkg-config --libs $CRYPTO_IMPL`
+ ;;
+esac
+AC_SUBST(CRYPTO_IMPL_CFLAGS)
+AC_SUBST(CRYPTO_IMPL_LIBS)
# --with-kdc-kdb-update makes the KDC update the database with last request
# information and failure information.
Modified: branches/krb5-1-8-nss/src/lib/crypto/Makefile.in
===================================================================
--- tags/krb5-1-8-final/src/lib/crypto/Makefile.in 2010-06-26 17:37:20 UTC (rev 24148)
+++ branches/krb5-1-8-nss/src/lib/crypto/Makefile.in 2010-07-26 21:28:49 UTC (rev 24212)
@@ -38,7 +38,7 @@
# link editor and loader support it.
DEPLIBS=
SHLIB_DIRS=-L$(TOPLIBD)
-SHLIB_EXPLIBS= $(SUPPORT_LIB) @CRYPTO_LIBS@ $(LIBS)
+SHLIB_EXPLIBS= $(SUPPORT_LIB) @CRYPTO_LIBS@ @CRYPTO_IMPL_LIBS@ $(LIBS)
SHLIB_EXPDEPLIBS= $(SUPPORT_DEPLIB)
SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@
SHLIB_LIBDIRS= @SHLIB_LIBDIRS@
Modified: branches/krb5-1-8-nss/src/lib/crypto/crypto_tests/t_encrypt.c
===================================================================
--- tags/krb5-1-8-final/src/lib/crypto/crypto_tests/t_encrypt.c 2010-06-26 17:37:20 UTC (rev 24148)
+++ branches/krb5-1-8-nss/src/lib/crypto/crypto_tests/t_encrypt.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -75,6 +75,79 @@
return 0;
}
+
+static void dump_data(const char *label, const krb5_data *d)
+{
+ int need_terminate = 0;
+ unsigned int i;
+
+ /* magic */
+ if (label) printf("------------- %s ------------\n",label);
+ for (i=0; i < d->length; i++) {
+ need_terminate = 1;
+ printf(" %02x",(unsigned char )d->data[i]);
+ if ((i & 0xf) == 0xf) {
+ printf("\n");
+ need_terminate = 0;
+ }
+ }
+ if (need_terminate) printf("\n");
+ printf("-------------------------------\n");
+}
+
+
+static void dump_encdata(const char *label, const krb5_enc_data *encData)
+{
+ /* magic, enctype, kvno */
+ dump_data(label, &encData->ciphertext);
+}
+
+static void dump_keyblock(const char *label, const krb5_keyblock *keyblock)
+{
+ krb5_data d;
+ /* magic, enctype */
+ d.data = (char *)keyblock->contents;
+ d.length = keyblock->length;
+ dump_data(label, &d);
+}
+
+
+static char *iov_flag_string(krb5_cryptotype flag)
+{
+ switch (flag) {
+ case KRB5_CRYPTO_TYPE_EMPTY:
+ return "KRB5_CRYPTO_TYPE_EMPTY";
+ case KRB5_CRYPTO_TYPE_HEADER:
+ return "KRB5_CRYPTO_TYPE_HEADER";
+ case KRB5_CRYPTO_TYPE_DATA:
+ return "KRB5_CRYPTO_TYPE_DATA";
+ case KRB5_CRYPTO_TYPE_SIGN_ONLY:
+ return "KRB5_CRYPTO_TYPE_SIGN_ONLY";
+ case KRB5_CRYPTO_TYPE_PADDING:
+ return "KRB5_CRYPTO_TYPE_PADDING";
+ case KRB5_CRYPTO_TYPE_TRAILER:
+ return "KRB5_CRYPTO_TYPE_TRAILER";
+ case KRB5_CRYPTO_TYPE_CHECKSUM:
+ return "KRB5_CRYPTO_TYPE_CHECKSUM";
+ case KRB5_CRYPTO_TYPE_STREAM:
+ return "KRB5_CRYPTO_TYPE_STREAM";
+ default:
+ break;
+ }
+ return "Unknown!!";
+}
+
+static void dump_iov(const char *label, const krb5_crypto_iov *iov, int count)
+{
+ int i;
+ if(label) printf("************* %s ************\n",label);
+ printf(" %d elements\n", count);
+ for (i=0; i < count; i++) {
+ dump_data(iov_flag_string(iov[i].flags), &iov[i].data);
+ }
+}
+
+
int
main ()
{
@@ -121,6 +194,7 @@
krb5_init_keyblock (context, enctype, 0, &keyblock));
test ("Generating random keyblock",
krb5_c_make_random_key (context, enctype, keyblock));
+ dump_keyblock("Keyblock", keyblock);
test ("Creating opaque key from keyblock",
krb5_k_create_key (context, keyblock, &key));
@@ -134,6 +208,7 @@
/* Encrypt, decrypt, and see if we got the plaintext back again. */
test ("Encrypting (c)",
krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out));
+ dump_encdata("Encrypt_c out", &enc_out);
test ("Decrypting",
krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check));
test ("Comparing", compare_results (&in, &check));
@@ -142,6 +217,7 @@
memset(out.data, 0, out.length);
test ("Encrypting (k)",
krb5_k_encrypt (context, key, 7, 0, &in, &enc_out));
+ dump_encdata("Encrypt_k out", &enc_out);
test ("Decrypting",
krb5_k_decrypt (context, key, 7, 0, &enc_out, &check));
test ("Comparing", compare_results (&in, &check));
@@ -196,6 +272,7 @@
/* Encrypt and decrypt in place, and check the result. */
test("iov encrypting (c)",
krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5));
+ dump_iov("Encrypt_c iov", iov, 5);
assert(iov[1].data.length == in.length);
test("iov decrypting",
krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5));
@@ -206,6 +283,7 @@
test("iov encrypting (k)",
krb5_k_encrypt_iov(context, key, 7, 0, iov, 5));
assert(iov[1].data.length == in.length);
+ dump_iov("Encrypt_k iov", iov, 5);
test("iov decrypting",
krb5_k_decrypt_iov(context, key, 7, 0, iov, 5));
test("Comparing results",
@@ -219,8 +297,10 @@
krb5_c_init_state (context, keyblock, 7, &state));
test ("Encrypting with state",
krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out));
+ dump_encdata("Encrypt_c state", &enc_out);
test ("Encrypting again with state",
krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2));
+ dump_encdata("Encrypt_c state2", &enc_out2);
test ("free_state",
krb5_c_free_state (context, keyblock, &state));
test ("init_state",
@@ -251,6 +331,7 @@
check.length = 2048;
test ("Encrypting with RC4 key usage 8",
krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out));
+ dump_encdata("Encrypt rc4 fallback", &enc_out);
test ("Decrypting with RC4 key usage 9",
krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check));
test ("Comparing", compare_results (&in, &check));
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/Makefile.in
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/Makefile.in (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/Makefile.in 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,134 @@
+mydir=lib/crypto/nss
+BUILDTOP=$(REL)..$(S)..$(S)..
+SUBDIRS=des aes md4 md5 sha1 enc_provider hash_provider
+LOCALINCLUDES = -I$(srcdir)/../krb \
+ -I$(srcdir)/../krb/hash_provider \
+ -I$(srcdir)/des \
+ -I$(srcdir)/aes \
+ -I$(srcdir)/sha1 \
+ -I$(srcdir)/md4 \
+ -I$(srcdir)/md5 \
+ -I$(srcdir)/enc_provider \
+ -I$(srcdir)/hash_provider \
+ @CRYPTO_IMPL_CFLAGS@
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+DEFS=
+
+##DOSBUILDTOP = ..\..\..
+##DOSLIBNAME=$(OUTPRE)crypto.lib
+##DOSOBJFILE=$(OUTPRE)crypto.lst
+##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)kh_pro.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst
+##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)kh_pro.lst $(OUTPRE)aes.lst
+
+STLIBOBJS=\
+ hmac.o \
+ pbkdf2.o
+
+OBJS=\
+ $(OUTPRE)hmac.$(OBJEXT) \
+ $(OUTPRE)pbkdf2.$(OBJEXT)
+
+SRCS=\
+ $(srcdir)/hmac.c \
+ $(srcdir)/pbkdf2.c
+
+STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
+ md5/OBJS.ST sha1/OBJS.ST \
+ enc_provider/OBJS.ST \
+ hash_provider/OBJS.ST \
+ aes/OBJS.ST \
+ OBJS.ST
+
+SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \
+ md5/OBJS.ST sha1/OBJS.ST \
+ enc_provider/OBJS.ST \
+ hash_provider/OBJS.ST \
+ aes/OBJS.ST
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+includes:: depend
+
+depend:: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+all-windows::
+ cd ..\des
+ @echo Making in crypto\des
+ $(MAKE) -$(MFLAGS)
+ cd ..\md4
+ @echo Making in crypto\md4
+ $(MAKE) -$(MFLAGS)
+ cd ..\md5
+ @echo Making in crypto\md5
+ $(MAKE) -$(MFLAGS)
+ cd ..\sha1
+ @echo Making in crypto\sha1
+ $(MAKE) -$(MFLAGS)
+ cd ..\hash_provider
+ @echo Making in crypto\hash_provider
+ $(MAKE) -$(MFLAGS)
+ cd ..\enc_provider
+ @echo Making in crypto\enc_provider
+ $(MAKE) -$(MFLAGS)
+ cd ..\aes
+ @echo Making in crypto\aes
+ $(MAKE) -$(MFLAGS)
+ cd ..
+
+clean-windows::
+ cd ..\des
+ @echo Making clean in crypto\des
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\md4
+ @echo Making clean in crypto\md4
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\md5
+ @echo Making clean in crypto\md5
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\sha1
+ @echo Making clean in crypto\sha1
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\hash_provider
+ @echo Making clean in crypto\hash_provider
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\enc_provider
+ @echo Making clean in crypto\enc_provider
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\aes
+ @echo Making clean in crypto\aes
+ $(MAKE) -$(MFLAGS) clean
+ cd ..
+
+check-windows::
+ cd ..\des
+ @echo Making check in crypto\des
+ $(MAKE) -$(MFLAGS) check
+ cd ..\md4
+ @echo Making check in crypto\md4
+ $(MAKE) -$(MFLAGS) check
+ cd ..\md5
+ @echo Making check in crypto\md5
+ $(MAKE) -$(MFLAGS) check
+ cd ..\sha1
+ @echo Making check in crypto\sha1
+ $(MAKE) -$(MFLAGS) check
+ cd ..\hash_provider
+ @echo Making check in crypto\hash_provider
+ $(MAKE) -$(MFLAGS) check
+ cd ..\enc_provider
+ @echo Making check in crypto\enc_provider
+ $(MAKE) -$(MFLAGS) check
+ cd ..\aes
+ @echo Making check in crypto\aes
+ $(MAKE) -$(MFLAGS) check
+ cd ..
+
+
+ at lib_frag@
+ at libobj_frag@
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/aes/Makefile.in
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/aes/Makefile.in (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/aes/Makefile.in 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,40 @@
+# Nothing here! But we can't remove this directory as the build
+# system currently assumes that all modules have the same directory
+# structure.
+
+mydir=lib/crypto/nss/aes
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb/dk -I$(srcdir)/../../../../include
+DEFS=
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=aes
+##DOS##OBJFILE=..\$(OUTPRE)aes.lst
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+STLIBOBJS=
+
+OBJS=
+
+SRCS=
+
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+includes:: depend
+
+depend:: $(SRCS)
+
+check::
+
+
+clean-unix:: clean-libobjs
+
+clean::
+
+ at libobj_frag@
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/aes/deps
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/aes/deps (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/aes/deps 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1 @@
+# No dependencies here.
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/deps
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/deps (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/deps 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,25 @@
+#
+# Generated makefile dependencies follow.
+#
+hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h $(srcdir)/hmac.c \
+ $(srcdir)/../krb/aead.h $(srcdir)/../krb/cksumtypes.h
+pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h $(srcdir)/hash_provider/hash_provider.h \
+ $(srcdir)/pbkdf2.c
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/des/Makefile.in
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/des/Makefile.in (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/des/Makefile.in 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,49 @@
+mydir=lib/crypto/nss/des
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. -I$(srcdir)/../../krb @CRYPTO_IMPL_CFLAGS@
+
+DEFS=
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=des
+##DOS##OBJFILE=..\$(OUTPRE)des.lst
+
+RUN_SETUP = @KRB5_RUN_ENV@
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+
+STLIBOBJS= des_oldapis.o \
+ f_parity.o \
+ string2key.o \
+ weak_key.o
+
+OBJS= $(OUTPRE)f_parity.$(OBJEXT) \
+ $(OUTPRE)des_oldapis.$(OBJEXT) \
+ $(OUTPRE)string2key.$(OBJEXT) \
+ $(OUTPRE)weak_key.$(OBJEXT)
+
+SRCS= $(srcdir)/f_parity.c \
+ $(srcdir)/des_oldapis.c \
+ $(srcdir)/weak_key.c \
+ $(srcdir)/string2key.c
+
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+check-unix::
+
+includes:: depend
+
+depend:: $(SRCS)
+
+check-windows::
+
+clean::
+
+clean-unix:: clean-libobjs
+
+ at libobj_frag@
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/des/deps
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/des/deps (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/des/deps 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,47 @@
+#
+# Generated makefile dependencies follow.
+#
+f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ $(srcdir)/des_int.h $(srcdir)/f_parity.c
+des_oldapis.so des_oldapis.po $(OUTPRE)des_oldapis.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h $(srcdir)/des_int.h \
+ $(srcdir)/des_oldapis.c
+weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ $(srcdir)/des_int.h $(srcdir)/weak_key.c
+string2key.so string2key.po $(OUTPRE)string2key.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ $(srcdir)/des_int.h $(srcdir)/string2key.c
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/des/des_int.h
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/des/des_int.h (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/des/des_int.h 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,188 @@
+/*
+ * lib/crypto/des/des_int.h
+ *
+ * Copyright 1987, 1988, 1990, 2002, 2009 by the Massachusetts Institute of
+ * Technology. All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Private include file for the Data Encryption Standard library.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* only do the whole thing once */
+#ifndef DES_INTERNAL_DEFS
+#define DES_INTERNAL_DEFS
+
+#include "k5-int.h"
+/*
+ * Begin "mit-des.h"
+ */
+#ifndef KRB5_MIT_DES__
+#define KRB5_MIT_DES__
+
+#if defined(__MACH__) && defined(__APPLE__)
+#include <TargetConditionals.h>
+#include <AvailabilityMacros.h>
+#if TARGET_RT_MAC_CFM
+#error "Use KfM 4.0 SDK headers for CFM compilation."
+#endif
+#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS)
+#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5
+#endif
+#endif /* defined(__MACH__) && defined(__APPLE__) */
+
+/* Macro to add deprecated attribute to DES types and functions */
+/* Currently only defined on Mac OS X 10.5 and later. */
+#ifndef KRB5INT_DES_DEPRECATED
+#define KRB5INT_DES_DEPRECATED
+#endif
+
+#include <limits.h>
+
+#if UINT_MAX >= 0xFFFFFFFFUL
+#define DES_INT32 int
+#define DES_UINT32 unsigned int
+#else
+#define DES_INT32 long
+#define DES_UINT32 unsigned long
+#endif
+
+typedef unsigned char des_cblock[8] /* crypto-block size */
+KRB5INT_DES_DEPRECATED;
+
+/*
+ * Key schedule.
+ *
+ * This used to be
+ *
+ * typedef struct des_ks_struct {
+ * union { DES_INT32 pad; des_cblock _;} __;
+ * } des_key_schedule[16];
+ *
+ * but it would cause trouble if DES_INT32 were ever more than 4
+ * bytes. The reason is that all the encryption functions cast it to
+ * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If
+ * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the
+ * caller-allocated des_key_schedule will be overflowed by the key
+ * scheduling functions. We can't assume that every platform will
+ * have an exact 32-bit int, and nothing should be looking inside a
+ * des_key_schedule anyway.
+ */
+typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]
+KRB5INT_DES_DEPRECATED;
+
+typedef des_cblock mit_des_cblock;
+typedef des_key_schedule mit_des_key_schedule;
+
+/* Triple-DES structures */
+typedef mit_des_cblock mit_des3_cblock[3];
+typedef mit_des_key_schedule mit_des3_key_schedule[3];
+
+#define MIT_DES_ENCRYPT 1
+#define MIT_DES_DECRYPT 0
+
+typedef struct mit_des_ran_key_seed {
+ krb5_encrypt_block eblock;
+ krb5_data sequence;
+} mit_des_random_state;
+
+/* the first byte of the key is already in the keyblock */
+
+#define MIT_DES_BLOCK_LENGTH (8*sizeof(krb5_octet))
+#define MIT_DES_CBC_CRC_PAD_MINIMUM CRC32_CKSUM_LENGTH
+/* This used to be 8*sizeof(krb5_octet) */
+#define MIT_DES_KEYSIZE 8
+
+#define MIT_DES_CBC_CKSUM_LENGTH (4*sizeof(krb5_octet))
+
+/*
+ * Check if k5-int.h has been included before us. If so, then check to see
+ * that our view of the DES key size is the same as k5-int.h's.
+ */
+#ifdef KRB5_MIT_DES_KEYSIZE
+#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
+error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
+#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
+#endif /* KRB5_MIT_DES_KEYSIZE */
+#endif /* KRB5_MIT_DES__ */
+/*
+ * End "mit-des.h"
+ */
+
+#define mit_des_zeroblock krb5int_c_mit_des_zeroblock
+extern const mit_des_cblock mit_des_zeroblock;
+
+/* key_parity.c */
+extern void mit_des_fixup_key_parity (mit_des_cblock );
+extern int mit_des_check_key_parity (mit_des_cblock );
+
+/* string2key.c */
+extern krb5_error_code mit_des_string_to_key
+ ( const krb5_encrypt_block *,
+ krb5_keyblock *, const krb5_data *, const krb5_data *);
+extern krb5_error_code mit_des_string_to_key_int
+ (krb5_keyblock *, const krb5_data *, const krb5_data *);
+
+/* weak_key.c */
+extern int mit_des_is_weak_key (mit_des_cblock );
+
+/* misc.c */
+extern void swap_bits (char *);
+extern unsigned long long_swap_bits (unsigned long );
+extern unsigned long swap_six_bits_to_ansi (unsigned long );
+extern unsigned long swap_four_bits_to_ansi (unsigned long );
+extern unsigned long swap_bit_pos_1 (unsigned long );
+extern unsigned long swap_bit_pos_0 (unsigned long );
+extern unsigned long swap_bit_pos_0_to_ansi (unsigned long );
+extern unsigned long rev_swap_bit_pos_0 (unsigned long );
+extern unsigned long swap_byte_bits (unsigned long );
+extern unsigned long swap_long_bytes_bit_number (unsigned long );
+#ifdef FILE
+/* XXX depends on FILE being a #define! */
+extern void test_set (FILE *, const char *, int, const char *, int);
+#endif
+#endif /*DES_INTERNAL_DEFS*/
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/des/des_oldapis.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/des/des_oldapis.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/des/des_oldapis.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,55 @@
+/*
+ * lib/crypto/openssl/des/des_oldapis.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include "k5-int.h"
+#include "des_int.h"
+#include <ctype.h>
+
+const mit_des_cblock mit_des_zeroblock /* = all zero */;
+
+unsigned long
+mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out,
+ unsigned long length, const mit_des_key_schedule schedule,
+ const krb5_octet *ivec)
+{
+ /* Unsupported operation */
+ return KRB5_CRYPTO_INTERNAL;
+}
+
+krb5_error_code
+mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
+ const krb5_data *salt)
+{
+ return KRB5_CRYPTO_INTERNAL;
+}
+
+int
+mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule)
+{
+ /* Unsupported operation */
+ return KRB5_CRYPTO_INTERNAL;
+}
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/des/f_parity.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/des/f_parity.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/des/f_parity.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,56 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * These routines check and fix parity of encryption keys for the DES
+ * algorithm.
+ *
+ * They are a replacement for routines in key_parity.c, that don't require
+ * the table building that they do.
+ *
+ * Mark Eichin -- Cygnus Support
+ */
+
+
+#include "des_int.h"
+
+/*
+ * des_fixup_key_parity: Forces odd parity per byte; parity is bits
+ * 8,16,...64 in des order, implies 0, 8, 16, ...
+ * vax order.
+ */
+#define smask(step) ((1<<step)-1)
+#define pstep(x,step) (((x)&smask(step))^(((x)>>step)&smask(step)))
+#define parity_char(x) pstep(pstep(pstep((x),4),2),1)
+
+void
+mit_des_fixup_key_parity(mit_des_cblock key)
+{
+ unsigned int i;
+ for (i=0; i<sizeof(mit_des_cblock); i++)
+ {
+ key[i] &= 0xfe;
+ key[i] |= 1^parity_char(key[i]);
+ }
+
+ return;
+}
+
+/*
+ * des_check_key_parity: returns true iff key has the correct des parity.
+ * See des_fix_key_parity for the definition of
+ * correct des parity.
+ */
+int
+mit_des_check_key_parity(mit_des_cblock key)
+{
+ unsigned int i;
+
+ for (i=0; i<sizeof(mit_des_cblock); i++)
+ {
+ if((key[i] & 1) == parity_char(0xfe&key[i]))
+ {
+ return 0;
+ }
+ }
+
+ return(1);
+}
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/des/string2key.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/des/string2key.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/des/string2key.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,85 @@
+/*
+ * lib/crypto/openssl/des/string2key.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "des_int.h"
+#include "pk11pub.h"
+#include "nss_gen.h"
+
+krb5_error_code
+mit_des_string_to_key_int (krb5_keyblock *key,
+ const krb5_data *pw, const krb5_data *salt)
+{
+ PK11SlotInfo *slot = NULL;
+ PK11SymKey *symKey = NULL;
+ SECItem pwItem;
+ SECItem paramsItem;
+ CK_PBE_PARAMS pbe_params;
+ CK_MECHANISM_TYPE pbeMech = CKM_NETSCAPE_PBE_SHA1_DES_CBC;
+ krb5_error_code ret = -1;
+ SECItem *keyData;
+
+ ret=k5_nss_init();
+ if (ret) return ret;
+
+ slot = PK11_GetBestSlot(pbeMech, NULL);
+ if (slot == NULL) {
+ ret = k5_nss_map_last_error();
+ goto loser;
+ }
+
+ pwItem.data = (unsigned char *)pw->data;
+ pwItem.len = pw->length;
+ pbe_params.pSalt = (unsigned char *)salt->data;
+ pbe_params.ulSaltLen = salt->length;
+ pbe_params.ulIteration = 1;
+ paramsItem.data = (unsigned char *)&pbe_params;
+ paramsItem.len = sizeof(pbe_params);
+
+ symKey = PK11_RawPBEKeyGen(slot, pbeMech, ¶msItem, &pwItem,
+ PR_FALSE, NULL);
+ if (symKey == NULL) {
+ ret = k5_nss_map_last_error();
+ goto loser;
+ }
+ PK11_ExtractKeyValue(symKey);
+ keyData = PK11_GetKeyData(symKey);
+ if (!keyData) {
+ ret = k5_nss_map_last_error();
+ goto loser;
+ }
+ key->length = keyData->len;
+ memcpy(key->contents, keyData->data, key->length);
+ ret = 0;
+
+loser:
+ if (symKey) {
+ PK11_FreeSymKey(symKey);
+ }
+ if (slot) {
+ PK11_FreeSlot(slot);
+ }
+ return ret;
+}
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/des/weak_key.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/des/weak_key.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/des/weak_key.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,83 @@
+/*
+ * lib/crypto/openssl/des/weak_key.c
+ *
+ * Copyright 1989,1990,2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Under U.S. law, this software may not be exported outside the US
+ * without license from the U.S. Commerce department.
+ *
+ * These routines form the library interface to the DES facilities.
+ *
+ * Originally written 8/85 by Steve Miller, MIT Project Athena.
+ */
+
+#include "des_int.h"
+
+/*
+ * The following are the weak DES keys:
+ */
+static const mit_des_cblock weak[16] = {
+ /* weak keys */
+ {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+ {0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe},
+ {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e},
+ {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1},
+
+ /* semi-weak */
+ {0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe},
+ {0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01},
+
+ {0x1f,0xe0,0x1f,0xe0,0x0e,0xf1,0x0e,0xf1},
+ {0xe0,0x1f,0xe0,0x1f,0xf1,0x0e,0xf1,0x0e},
+
+ {0x01,0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1},
+ {0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1,0x01},
+
+ {0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e,0xfe},
+ {0xfe,0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e},
+
+ {0x01,0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e},
+ {0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e,0x01},
+
+ {0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1,0xfe},
+ {0xfe,0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1}
+};
+
+/*
+ * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key.
+ *
+ * Requires: key has correct odd parity.
+ */
+int
+mit_des_is_weak_key(mit_des_cblock key)
+{
+ unsigned int i;
+ const mit_des_cblock *weak_p = weak;
+
+ for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) {
+ if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
+ return 1;
+ }
+ return 0;
+}
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/Makefile.in
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/Makefile.in (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/Makefile.in 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,51 @@
+mydir=lib/crypto/nss/enc_provider
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/../des \
+ -I$(srcdir)/../arcfour \
+ -I$(srcdir)/../aes \
+ -I$(srcdir)/../../krb \
+ -I$(srcdir)/../../krb/rand2key \
+ -I$(srcdir)/.. -I$(srcdir)/. \
+ @CRYPTO_IMPL_CFLAGS@
+DEFS=
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=enc_provider
+##DOS##OBJFILE=..\$(OUTPRE)enc_prov.lst
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+STLIBOBJS= \
+ enc_gen.o \
+ des.o \
+ des3.o \
+ rc4.o \
+ aes.o
+
+OBJS= \
+ $(OUTPRE)enc_gen.$(OBJEXT) \
+ $(OUTPRE)des.$(OBJEXT) \
+ $(OUTPRE)des3.$(OBJEXT) \
+ $(OUTPRE)aes.$(OBJEXT) \
+ $(OUTPRE)rc4.$(OBJEXT)
+
+SRCS= \
+ $(srcdir)/enc_gen.c \
+ $(srcdir)/des.c \
+ $(srcdir)/des3.c \
+ $(srcdir)/aes.c \
+ $(srcdir)/rc4.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+includes:: depend
+
+depend:: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+ at libobj_frag@
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/aes.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/aes.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/aes.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,101 @@
+/*
+ * lib/crypto/nss/enc_provider/aes.c
+ *
+ * Copyright (C) 2003, 2007, 2008, 2009 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2010 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "enc_provider.h"
+#include "rand2key.h"
+#include "aead.h"
+#include "nss_gen.h"
+
+
+krb5_error_code
+krb5int_aes_encrypt(krb5_key key,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret;
+ ret = k5_nss_gen_import(key, CKM_AES_CBC, CKA_ENCRYPT);
+ if (ret != 0) {
+ return ret;
+ }
+ return k5_nss_gen_cts_iov(key, CKM_AES_CBC, CKA_ENCRYPT,
+ ivec, data, num_data);
+}
+
+krb5_error_code
+krb5int_aes_decrypt(krb5_key key,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret;
+ ret = k5_nss_gen_import(key, CKM_AES_CBC, CKA_DECRYPT);
+ if (ret != 0) {
+ return ret;
+ }
+ return k5_nss_gen_cts_iov(key, CKM_AES_CBC, CKA_DECRYPT,
+ ivec, data, num_data);
+}
+
+/*
+ * perhaps we should store the NSS context in the krb5_data state here?
+ */
+static krb5_error_code
+aes_init_state (const krb5_keyblock *key, krb5_keyusage usage,
+ krb5_data *state)
+{
+ state->length = 16;
+ state->data = (void *) malloc(16);
+ if (state->data == NULL)
+ return ENOMEM;
+ memset(state->data, 0, state->length);
+ return 0;
+}
+
+const struct krb5_enc_provider krb5int_enc_aes128 = {
+ 16,
+ 16, 16,
+ krb5int_aes_encrypt,
+ krb5int_aes_decrypt,
+ NULL,
+ krb5int_aes_make_key,
+ aes_init_state,
+ krb5int_default_free_state,
+};
+
+const struct krb5_enc_provider krb5int_enc_aes256 = {
+ 16,
+ 32, 32,
+ krb5int_aes_encrypt,
+ krb5int_aes_decrypt,
+ NULL,
+ krb5int_aes_make_key,
+ aes_init_state,
+ krb5int_default_free_state,
+ k5_nss_gen_cleanup
+};
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/deps
===================================================================
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/des.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/des.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/des.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,100 @@
+/* lib/crypto/nss/enc_provider/des.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2010 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "nss_gen.h"
+#include <aead.h>
+#include <rand2key.h>
+#include "des_int.h"
+
+
+static krb5_error_code
+k5_des_encrypt_iov(krb5_key key,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret;
+ ret = k5_nss_gen_import(key, CKM_DES_CBC, CKA_ENCRYPT);
+ if (ret != 0) {
+ return ret;
+ }
+ return k5_nss_gen_block_iov(key, CKM_DES_CBC, CKA_ENCRYPT,
+ ivec, data, num_data);
+}
+
+static krb5_error_code
+k5_des_decrypt_iov(krb5_key key,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret;
+ ret = k5_nss_gen_import(key, CKM_DES_CBC, CKA_ENCRYPT);
+ if (ret != 0) {
+ return ret;
+ }
+ return k5_nss_gen_block_iov(key, CKM_DES_CBC, CKA_DECRYPT,
+ ivec, data, num_data);
+}
+
+const struct krb5_enc_provider krb5int_enc_des = {
+ 8,
+ 7, KRB5_MIT_DES_KEYSIZE,
+ k5_des_encrypt_iov,
+ k5_des_decrypt_iov,
+ NULL,
+ krb5int_des_make_key,
+ krb5int_des_init_state,
+ krb5int_default_free_state,
+ k5_nss_gen_cleanup
+};
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/des3.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/des3.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/des3.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,100 @@
+/* lib/crypto/nss/enc_provider/des3.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2010 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "nss_gen.h"
+#include <aead.h>
+#include <rand2key.h>
+#include "des_int.h"
+
+
+static krb5_error_code
+k5_des3_encrypt_iov(krb5_key key,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret;
+ ret = k5_nss_gen_import(key, CKM_DES3_CBC, CKA_ENCRYPT);
+ if (ret != 0) {
+ return ret;
+ }
+ return k5_nss_gen_block_iov(key, CKM_DES3_CBC, CKA_ENCRYPT,
+ ivec, data, num_data);
+}
+
+static krb5_error_code
+k5_des3_decrypt_iov(krb5_key key,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret;
+ ret = k5_nss_gen_import(key, CKM_DES3_CBC, CKA_ENCRYPT);
+ if (ret != 0) {
+ return ret;
+ }
+ return k5_nss_gen_block_iov(key, CKM_DES3_CBC, CKA_DECRYPT,
+ ivec, data, num_data);
+}
+
+const struct krb5_enc_provider krb5int_enc_des3 = {
+ 8,
+ 21, KRB5_MIT_DES3_KEYSIZE,
+ k5_des3_encrypt_iov,
+ k5_des3_decrypt_iov,
+ NULL,
+ krb5int_des3_make_key,
+ krb5int_des_init_state,
+ krb5int_default_free_state,
+ k5_nss_gen_cleanup
+};
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/enc_gen.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/enc_gen.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/enc_gen.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,654 @@
+/*
+ * lib/crypto/nss/enc_provider/enc_gen.c
+ *
+ * Copyright (C) 2003, 2007, 2008, 2009 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2010 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* compile options (should move to configure)... */
+#define USE_OPAQUE_KEYS 1
+#define DO_FAST_XOR 1
+/*#define FAKE_FIPS 1 */
+
+#include "k5-int.h"
+#include "nss_gen.h"
+#include "enc_provider.h"
+#include "rand2key.h"
+#include "aead.h"
+#include "seccomon.h"
+#include "pk11pub.h"
+#ifndef USE_OPAQUE_KEYS
+/* use of this function is discouraged */
+#define PK11_CreateContextByRawKey __PK11_CreateContextByRawKey
+#include "pk11priv.h"
+#endif
+#include "nss.h"
+
+/* 512 bits is bigger than anything defined to date */
+#define MAX_KEY_LENGTH 64
+#define MAX_BLOCK_SIZE 64
+
+
+krb5_error_code
+k5_nss_map_error(int nss_error)
+{
+ /* currently KRB5 does not define a full set CRYPTO failures.
+ * for now just use KRB5_CRYPTO_INTERNAL. We really should return
+ * errors for Not logged in, and maybe a few others */
+ return KRB5_CRYPTO_INTERNAL;
+}
+
+krb5_error_code
+k5_nss_map_last_error() {
+ return k5_nss_map_error(PORT_GetError());
+}
+
+static NSSInitContext *krb5_nss_init = NULL;
+
+/*
+ * krb5 doesn't have a call into the crypto engine to initialize it, so
+ * we do it here. This code will try to piggyback on any application
+ * initialization done to NSS. Otherwise get get our one library init context.
+ */
+krb5_error_code
+k5_nss_init()
+{
+#ifdef LINUX
+ /* default to the system NSS */
+#define NSS_KRB5_CONFIGDIR "sql:/etc/pki/nssdb"
+#define NSS_KRB5_FLAGS 0
+#else
+ /* other platforms don't have a system NSS defined yet, do a nodb init */
+#define NSS_KRB5_CONFIGDIR NULL
+#define NSS_KRB5_FLAGS NSS_INIT_NOMODDB|NSS_INIT_NOCERTDB
+#endif
+ if (krb5_nss_init) {
+ /* we've already initialized NSS */
+ return 0;
+ }
+ if (NSS_IsInitialized()) {
+ /* someone else has initialized NSS */
+ return 0;
+ }
+ krb5_nss_init = NSS_InitContext(NSS_KRB5_CONFIGDIR, "", "", "", NULL,
+ NSS_INIT_READONLY|NSS_INIT_NOROOTINIT|NSS_KRB5_FLAGS);
+ if (!krb5_nss_init) {
+ return k5_nss_map_last_error();
+ }
+ return 0;
+}
+
+
+PK11Context *
+k5_nss_create_context(krb5_key krb_key, CK_MECHANISM_TYPE mechanism,
+ CK_ATTRIBUTE_TYPE operation, SECItem * param)
+{
+#ifdef USE_OPAQUE_KEYS
+ PK11SymKey *key = (PK11SymKey *)krb_key->cache;
+
+ return PK11_CreateContextBySymKey(mechanism, operation, key, param);
+#else
+ PK11Context *ctx = NULL;
+ PK11SlotInfo *slot;
+ SECItem key;
+
+ key.data = krb_key->keyblock.contents;
+ key.len = krb_key->keyblock.length;
+ slot = PK11_GetBestSlot(mechanism, NULL);
+ if (slot == NULL) {
+ return NULL;
+ }
+ ctx = PK11_CreateContextByRawKey(slot,mechanism, PK11_OriginGenerated,
+ operation, &key, param, NULL);
+ PK11_FreeSlot(slot);
+ return ctx;
+#endif
+}
+
+static void inline
+xor(unsigned char *x, unsigned char *y, int size)
+{
+ int i;
+#ifdef DO_FAST_XOR
+#define ALIGNED(x,type) (!(((size_t)(x))&(sizeof(type)-1)))
+ if (ALIGNED(x,unsigned long) && ALIGNED(y, unsigned long)
+ && ALIGNED(size, unsigned long)) {
+ unsigned long *ux = (unsigned long *)x;
+ unsigned long *uy = (unsigned long *)y;
+ for (i=0; i < (int)(size/sizeof(unsigned long)); i++) {
+ *ux++ ^= *uy++;
+ }
+ return;
+ }
+#endif
+ for (i=0; i < size; i++) {
+ *x++ ^= *y++;
+ }
+}
+
+krb5_error_code
+k5_nss_gen_block_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
+ CK_ATTRIBUTE_TYPE operation,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret = 0;
+ PK11Context *ctx = NULL;
+ SECStatus rv;
+ SECItem *param = NULL;
+ struct iov_block_state input_pos, output_pos;
+ unsigned char storage[MAX_BLOCK_SIZE];
+ unsigned char iv0[MAX_BLOCK_SIZE];
+ unsigned char *ptr = NULL,*lastptr = NULL;
+ SECItem iv;
+ size_t blocksize;
+ int length = 0;
+ int lastblock = -1;
+ int currentblock;
+
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+
+ blocksize = PK11_GetBlockSize(mech, NULL);
+ assert(blocksize <= sizeof(storage));
+
+ if (ivec && ivec->data) {
+ iv.data = (unsigned char *)ivec->data;
+ iv.len = ivec->length;
+ if (operation == CKA_DECRYPT) {
+ int i, inputlength;
+
+ /* count the blocks so we know which block is last */
+ for (i=0, inputlength=0; i < (int)num_data; i++) {
+ krb5_crypto_iov *iov=&data[i];
+
+ if (ENCRYPT_IOV(iov)) {
+ inputlength += iov->data.length;
+ }
+ }
+ lastblock = (inputlength/blocksize) -1;
+ }
+ } else {
+ memset(iv0, 0, sizeof(iv0));
+ iv.data = iv0;
+ iv.len = blocksize;
+ }
+ param = PK11_ParamFromIV(mech, &iv);
+
+ ctx = k5_nss_create_context(krb_key, mech, operation, param);
+ if (ctx == NULL) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+
+ for (currentblock = 0;;currentblock++) {
+ ptr = iov_next_block(storage, blocksize, data, num_data,
+ &input_pos);
+ if (ptr == NULL)
+ break;
+
+ lastptr = NULL;
+
+ /* only set if we are decrypting */
+ if (lastblock == currentblock) {
+ memcpy(ivec->data, ptr, blocksize);
+ }
+
+ rv = PK11_CipherOp(ctx, ptr, &length, blocksize, ptr, blocksize);
+ if (rv != SECSuccess) {
+ ret = k5_nss_map_last_error();
+ break;
+ }
+
+ lastptr = ptr;
+ iov_store_block(data, num_data, ptr, storage, blocksize,
+ &output_pos);
+ }
+
+ if (lastptr && ivec && ivec->data && operation == CKA_ENCRYPT) {
+ memcpy(ivec->data, lastptr, blocksize);
+ }
+done:
+ if (ctx) {
+ PK11_Finalize(ctx);
+ }
+
+ if (param) {
+ SECITEM_FreeItem(param, PR_TRUE);
+ }
+ return ret;
+}
+
+krb5_error_code
+k5_nss_stream_init_state(krb5_data *new_state)
+{
+ new_state->data = NULL;
+ new_state->length = 0;
+ return 0;
+}
+
+krb5_error_code
+k5_nss_stream_free_state(krb5_data *state)
+{
+ if (state->length == (unsigned)-1 && state->data) {
+ PK11_Finalize((PK11Context *)state->data);
+ }
+ return 0;
+}
+
+krb5_error_code
+k5_nss_gen_stream_iov(krb5_key krb_key, krb5_data *state,
+ CK_MECHANISM_TYPE mech,
+ CK_ATTRIBUTE_TYPE operation,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret = 0;
+ PK11Context *ctx = NULL;
+ SECStatus rv;
+ SECItem param;
+ krb5_crypto_iov *iov;
+ int i;
+
+ param.data = NULL;
+ param.len = 0;
+
+ if (state && state->data) {
+ ctx = (PK11Context *)state->data;
+ } else {
+ ctx = k5_nss_create_context(krb_key, mech, operation, ¶m);
+ if (state && ctx) {
+ state->data = (char *)ctx;
+ state->length = -1; /* you don't get to copy this, */
+ /* blow up if you try */
+ }
+ }
+ if (ctx == NULL) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+
+ for (i=0; i < (int)num_data; i++) {
+ int return_length;
+ iov = &data[i];
+ if (iov->data.length <= 0) break;
+
+ if (ENCRYPT_IOV(iov)) {
+ rv = PK11_CipherOp(ctx, (unsigned char *)iov->data.data,
+ &return_length, iov->data.length,
+ (unsigned char *)iov->data.data, iov->data.length);
+ if (rv != SECSuccess) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+ iov->data.length = return_length;
+ }
+ }
+done:
+ if (!state && ctx) {
+ PK11_Finalize(ctx);
+ }
+ return ret;
+}
+
+krb5_error_code
+k5_nss_gen_cts_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
+ CK_ATTRIBUTE_TYPE operation,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret = 0;
+ PK11Context *ctx = NULL;
+ SECStatus rv;
+ SECItem *param = NULL;
+ struct iov_block_state input_pos, output_pos;
+ unsigned char storage[MAX_BLOCK_SIZE];
+ unsigned char recover1[MAX_BLOCK_SIZE];
+ unsigned char recover2[MAX_BLOCK_SIZE];
+ unsigned char block1[MAX_BLOCK_SIZE];
+ unsigned char block2[MAX_BLOCK_SIZE];
+ unsigned char iv0[MAX_BLOCK_SIZE];
+ unsigned char *ptr = NULL;
+ SECItem iv;
+ size_t blocksize;
+ size_t bulk_length, remainder;
+ size_t input_length, lastblock;
+ size_t length;
+ int i, len;
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+
+ blocksize = PK11_GetBlockSize(mech, NULL);
+ assert(blocksize <= sizeof(storage));
+
+ if (ivec) {
+ iv.data = (unsigned char *)ivec->data;
+ iv.len = ivec->length;
+ } else {
+ memset(iv0, 0, sizeof(iv0));
+ iv.data = iv0;
+ iv.len = blocksize;
+ }
+ param = PK11_ParamFromIV(mech, &iv);
+
+ for (i=0, input_length=0; i < (int)num_data; i++) {
+ krb5_crypto_iov *iov=&data[i];
+
+ if (ENCRYPT_IOV(iov)) {
+ input_length += iov->data.length;
+ }
+ }
+ /* must be at least a block or we fail */
+ if (input_length < blocksize) {
+ ret = -1;
+ goto done;
+ }
+
+ bulk_length = (input_length / blocksize)*blocksize;
+ remainder = input_length - bulk_length;
+ /* do the block swap even if the input data is aligned, only
+ * drop it if we are encrypting exactly one block */
+ if (remainder == 0 && bulk_length != blocksize) {
+ remainder = blocksize;
+ bulk_length -= blocksize;
+ }
+
+ ctx = k5_nss_create_context(krb_key, mech, operation, param);
+ if (ctx == NULL) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+
+ /* now we bulk encrypt each block in the loop. We need to know where
+ * to stop to do special processing. For single block operations
+ * we stop at the end. For all others we stop and the last second to last
+ * block (counting partial blocks). For decrypt operations we need to save
+ * cn-2 so we stop at the third to last block if it exists, Otherwise
+ * cn-2 = the iv */
+ lastblock = bulk_length;
+ if (remainder) {
+ /* we need to process the last full block and last partitial block
+ * differently */
+ lastblock = bulk_length - blocksize;
+ if (operation == CKA_DECRYPT) {
+ if (bulk_length > blocksize) {
+ /* stop at cn-2 so we can save it before going on */
+ lastblock = bulk_length - 2*blocksize;
+ } else {
+ /* iv is cn-2, save it now, cn - 2 */
+ memcpy(recover1, iv.data, blocksize);
+ memcpy(recover2, iv.data, blocksize);
+ }
+ }
+ }
+ for (length = 0; length < lastblock; length += blocksize) {
+ ptr = iov_next_block(storage, blocksize, data, num_data,
+ &input_pos);
+ if (ptr == NULL)
+ break;
+
+ rv = PK11_CipherOp(ctx, ptr, &len, blocksize, ptr, blocksize);
+ if (rv != SECSuccess) {
+ ret = k5_nss_map_last_error();
+ break;
+ }
+
+ iov_store_block(data, num_data, ptr, storage, blocksize,
+ &output_pos);
+ }
+ if (remainder) {
+ if (operation == CKA_DECRYPT) {
+ if (bulk_length > blocksize) {
+ /* we need to save cn-2 */
+ ptr = iov_next_block(storage, blocksize, data, num_data,
+ &input_pos);
+ if (ptr == NULL)
+ goto done; /* shouldn't happen */
+
+ /* save cn-2 */
+ memcpy(recover1, ptr, blocksize);
+ memcpy(recover2, ptr, blocksize);
+
+ /* now process it as normal */
+ rv = PK11_CipherOp(ctx, ptr, &len, blocksize, ptr, blocksize);
+ if (rv != SECSuccess) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+
+ iov_store_block(data, num_data, ptr, storage, blocksize,
+ &output_pos);
+ }
+ }
+ /* fetch the last 2 blocks */
+ memset(block1, 0, blocksize); /* last block, could be partial */
+ krb5int_c_iov_get_block(block2, blocksize, data, num_data, &input_pos);
+ krb5int_c_iov_get_block(block1, remainder, data, num_data, &input_pos);
+ if (operation == CKA_DECRYPT) {
+ /* recover1 and recover2 are xor values to recover the true
+ * underlying data of the last 2 decrypts. This keeps us from having
+ * to try to reset our IV to do the final decryption. */
+ /* currently: block1 is cn || 0, block2 is cn-1.
+ * recover1 & recover2 is set to cn-2 */
+ /* recover2 recovers pn || c' from p'n-1. The raw decrypted block
+ * will be p'n-1 xor with cn-2 while pn || c' = p'n-1 xor cn || 0.
+ * recover2 is cn-2 xor cn || 0, so we can simple xor recover1
+ * with the raw decrypted block */
+ /* recover1 recovers pn-1 from the raw decryption of cn || c'.
+ * the raw decrypt of cn || c' = p'n xor cn-1 while
+ * pn-1 = p'n xor cn-2
+ * recover1 is cn-2 xor cn-1, so we can simple xor recover 2 with
+ * the raw decrypt of cn||c' to get pn-1 */
+ xor(recover1, block2, blocksize);
+ xor(recover2, block1, blocksize);
+ if (ivec && ivec->data) {
+ memcpy(ivec->data, block2, blocksize);
+ }
+ }
+ rv = PK11_CipherOp(ctx, block2, &len, blocksize, block2, blocksize);
+ if (rv != SECSuccess) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+ if (operation == CKA_DECRYPT) {
+ /* block2 now has p'n-1 xor cn-2 */
+ xor(block2, recover2, blocksize);
+ /* block 2 now has pn || c' */
+ /* copy c' into cn || c' */
+ memcpy(block1+remainder, block2+remainder, blocksize-remainder);
+ }
+ rv = PK11_CipherOp(ctx, block1, &len, blocksize, block1, blocksize);
+ if (rv != SECSuccess) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+ if (operation == CKA_DECRYPT) {
+ /* block1 now has p'n xor cn-1 */
+ xor(block1, recover1, blocksize);
+ /* block 1 now has pn-1 */
+ } else {
+ if (ivec && ivec->data) {
+ memcpy(ivec->data, block1, blocksize);
+ }
+ }
+ krb5int_c_iov_put_block(data,num_data, block1, blocksize, &output_pos);
+ krb5int_c_iov_put_block(data,num_data, block2, remainder, &output_pos);
+ }
+
+done:
+ if (ctx) {
+ PK11_Finalize(ctx);
+ }
+
+ if (param) {
+ SECITEM_FreeItem(param, PR_TRUE);
+ }
+ return ret;
+}
+
+void
+k5_nss_gen_cleanup(krb5_key krb_key)
+{
+#ifdef USE_OPAQUE_KEYS
+ PK11SymKey *key = (PK11SymKey *)krb_key->cache;
+
+ if (key) {
+ PK11_FreeSymKey(key);
+ krb_key->cache = NULL;
+ }
+#endif
+}
+
+krb5_error_code
+k5_nss_gen_import(krb5_key krb_key, CK_MECHANISM_TYPE mech,
+ CK_ATTRIBUTE_TYPE operation)
+{
+ int ret = 0;
+#ifdef USE_OPAQUE_KEYS
+ PK11SymKey *key = (PK11SymKey *)krb_key->cache;
+ PK11SlotInfo *slot = NULL;
+ SECItem raw_key;
+#ifdef FAKE_FIPS
+ PK11SymKey *wrapping_key = NULL;
+ PK11Context *ctx = NULL;
+ SECItem wrapped_key;
+ SECItem params;
+ unsigned char wrapped_key_data[MAX_KEY_LENGTH];
+ unsigned char padded_key_data[MAX_KEY_LENGTH];
+ int wrapping_index, series, blocksize;
+ int keyLength;
+ CK_MECHANISM_TYPE mechanism;
+ SECStatus rv;
+#endif
+
+ if (key) { return 0; }
+
+ ret = k5_nss_init();
+ if (ret) return ret;
+
+ slot = PK11_GetBestSlot(mech, NULL);
+ if (slot == NULL) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+ raw_key.data = krb_key->keyblock.contents;
+ raw_key.len = krb_key->keyblock.length;
+
+#ifdef FAKE_FIPS
+ /* first, fetch a wrapping key */
+ wrapping_index = PK11_GetCurrentWrapIndex(slot);
+ series = PK11_GetSlotSeries(slot);
+ wrapping_key =PK11_GetWrapKey(slot, wrapping_index,
+ CKM_INVALID_MECHANISM, series, NULL);
+ if (wrapping_key == NULL) {
+ /* one doesn't exist, create one */
+ mechanism = PK11_GetBestWrapMechanism(slot);
+ keyLength = PK11_GetBestKeyLength(slot, mechanism);
+ wrapping_key = PK11_TokenKeyGenWithFlags(slot, mechanism, NULL,
+ keyLength, NULL, CKF_UNWRAP|CKF_ENCRYPT, 0,
+ NULL);
+ if (!wrapping_key) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+ PK11_SetWrapKey(slot, wrapping_index, wrapping_key);
+ }
+
+ /* now encrypt the data with the wrapping key */
+ mechanism = PK11_GetMechanism(wrapping_key);
+ params.data = NULL;
+ params.len = 0;
+ ctx = PK11_CreateContextBySymKey(mechanism, CKA_ENCRYPT,
+ wrapping_key, ¶ms);
+ if (ctx == NULL) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+
+ wrapped_key.data = wrapped_key_data;
+ wrapped_key.len = sizeof(wrapped_key_data);
+ blocksize = PK11_GetBlockSize(mechanism, NULL);
+ keyLength = raw_key.len;
+
+ /*
+ * ECB modes need keys in integral multiples of the block size.
+ * if the key isn't and integral multiple, pad it with zero. Unwrap
+ * will use the length parameter to appropriately set the key.
+ */
+ if ((raw_key.len % blocksize) != 0) {
+ int keyblocks = (raw_key.len +(blocksize-1))/blocksize;
+ keyLength = keyblocks * blocksize;
+ assert(keyLength <= sizeof(padded_key_data));
+ memset(padded_key_data, 0, keyLength);
+ memcpy(padded_key_data,raw_key.data, raw_key.len);
+ raw_key.data = padded_key_data;
+ }
+ rv = PK11_CipherOp(ctx, wrapped_key.data, (int *)&wrapped_key.len,
+ sizeof(wrapped_key_data), raw_key.data, keyLength);
+ if (keyLength != raw_key.len) {
+ /* clear our copy of the key bits */
+ memset(padded_key_data, 0, keyLength);
+ }
+ if (rv != SECSuccess) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+ PK11_Finalize(ctx);
+ ctx = NULL;
+
+ /* now now we have a 'wrapped' version of the, we can import it into
+ * the token without running afoul with FIPS. */
+ key = PK11_UnwrapSymKey(wrapping_key, mechanism, ¶ms, &wrapped_key,
+ mech, operation, raw_key.len);
+#else
+ key = PK11_ImportSymKey(slot, mech, PK11_OriginGenerated, operation,
+ &raw_key, NULL);
+#endif
+ if (key == NULL) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+ krb_key->cache = (void *) key;
+
+done:
+ if (slot) {
+ PK11_FreeSlot(slot);
+ }
+#ifdef FAKE_FIPS
+ if (ctx) {
+ PK11_Finalize(ctx);
+ }
+ if (wrapping_key) {
+ PK11_FreeSymKey(wrapping_key);
+ }
+#endif
+
+#else
+ ret = k5_nss_init();
+#endif
+ return ret;
+}
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/enc_provider.h
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/enc_provider.h (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/enc_provider.h 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+
+extern const struct krb5_enc_provider krb5int_enc_des;
+extern const struct krb5_enc_provider krb5int_enc_des3;
+extern const struct krb5_enc_provider krb5int_enc_arcfour;
+extern const struct krb5_enc_provider krb5int_enc_aes128;
+extern const struct krb5_enc_provider krb5int_enc_aes256;
+extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
+extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/rc4.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/rc4.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/enc_provider/rc4.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,109 @@
+/* lib/crypto/nss/enc_provider/rc4.c
+ *
+ * #include STD_DISCLAIMER
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2010 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* arcfour.c
+ *
+ * Copyright (c) 2000 by Computer Science Laboratory,
+ * Rensselaer Polytechnic Institute
+ *
+ * #include STD_DISCLAIMER
+ */
+
+
+#include "k5-int.h"
+#include <aead.h>
+#include <rand2key.h>
+#include "nss_gen.h"
+
+#define RC4_KEY_SIZE 16
+#define RC4_BLOCK_SIZE 1
+
+/* In-place IOV crypto */
+static krb5_error_code
+k5_arcfour_encrypt_iov(krb5_key key,
+ const krb5_data *state,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret;
+ ret = k5_nss_gen_import(key, CKM_RC4, CKA_ENCRYPT);
+ if (ret != 0) {
+ return ret;
+ }
+ return k5_nss_gen_stream_iov(key, state, CKM_RC4, CKA_ENCRYPT,
+ data, num_data);
+}
+
+/* In-place IOV crypto */
+static krb5_error_code
+k5_arcfour_decrypt_iov(krb5_key key,
+ const krb5_data *state,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret;
+ ret = k5_nss_gen_import(key, CKM_RC4, CKA_DECRYPT);
+ if (ret != 0) {
+ return ret;
+ }
+ return k5_nss_gen_stream_iov(key, state, CKM_RC4, CKA_DECRYPT,
+ data, num_data);
+}
+
+static krb5_error_code
+k5_arcfour_free_state ( krb5_data *state)
+{
+ return k5_nss_stream_free_state(state);
+}
+
+static krb5_error_code
+k5_arcfour_init_state (const krb5_keyblock *key,
+ krb5_keyusage keyusage, krb5_data *new_state)
+{
+ /* key can't quite be used here. see comment in k5_arcfour_init_state */
+ return k5_nss_stream_init_state(new_state);
+
+}
+
+const struct krb5_enc_provider krb5int_enc_arcfour = {
+ /* This seems to work... although I am not sure what the
+ implications are in other places in the kerberos library */
+ RC4_BLOCK_SIZE,
+ /* Keysize is arbitrary in arcfour, but the constraints of the
+ system, and to attempt to work with the MSFT system forces us
+ to 16byte/128bit. Since there is no parity in the key, the
+ byte and length are the same. */
+ RC4_KEY_SIZE, RC4_KEY_SIZE,
+ k5_arcfour_encrypt_iov,
+ k5_arcfour_decrypt_iov,
+ NULL,
+ krb5int_arcfour_make_key,
+ k5_arcfour_init_state,
+ k5_arcfour_free_state,
+ k5_nss_gen_cleanup
+};
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/Makefile.in
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/Makefile.in (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/Makefile.in 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,46 @@
+mydir=lib/crypto/nss/hash_provider
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/../../krb/crc32 -I$(srcdir)/../md4 \
+ -I$(srcdir)/.. -I$(srcdir)/../../krb \
+ @CRYPTO_IMPL_CFLAGS@
+
+DEFS=
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=hash_provider
+##DOS##OBJFILE=..\$(OUTPRE)hash_pro.lst
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+STLIBOBJS= \
+ hash_gen.o \
+ hash_crc32.o \
+ hash_md4.o \
+ hash_md5.o \
+ hash_sha1.o
+
+OBJS= $(OUTPRE)hash_gen.$(OBJEXT) \
+ $(OUTPRE)hash_crc32.$(OBJEXT) \
+ $(OUTPRE)hash_md4.$(OBJEXT) \
+ $(OUTPRE)hash_md5.$(OBJEXT) \
+ $(OUTPRE)hash_sha1.$(OBJEXT)
+
+SRCS= $(srcdir)/hash_gen.c \
+ $(srcdir)/hash_crc32.c \
+ $(srcdir)/hash_md4.c \
+ $(srcdir)/hash_md5.c \
+ $(srcdir)/hash_sha1.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+includes:: depend
+
+depend:: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+ at libobj_frag@
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/deps
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/deps (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/deps 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,52 @@
+#
+# Generated makefile dependencies follow.
+#
+hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ $(srcdir)/hash_crc32.c \
+ $(srcdir)/hash_provider.h \
+ $(srcdir)/../../krb/crc32/crc-32.h
+hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ $(srcdir)/hash_md4.c $(srcdir)/hash_provider.h \
+ $(srcdir)/../md4/rsa-md4.h
+hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ $(srcdir)/hash_md5.c $(srcdir)/hash_provider.h \
+ $(srcdir)/../md5/rsa-md5.h
+hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ $(srcdir)/hash_provider.h \
+ $(srcdir)/hash_sha1.c $(srcdir)/../sha1/shs.h
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_crc32.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_crc32.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_crc32.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "crc-32.h"
+#include "hash_provider.h"
+#include "aead.h"
+
+static krb5_error_code
+k5_crc32_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ unsigned long c;
+ unsigned int i;
+
+ if (output->length != CRC32_CKSUM_LENGTH)
+ return(KRB5_CRYPTO_INTERNAL);
+
+ c = 0;
+ for (i=0; i < num_data; i++) {
+ const krb5_crypto_iov *iov=&data[i];
+
+ if (SIGN_IOV(iov))
+ mit_crc32(iov->data.data, iov->data.length, &c);
+ }
+
+ store_32_le(c, output->data);
+ return(0);
+}
+
+const struct krb5_hash_provider krb5int_hash_crc32 = {
+ "CRC32",
+ CRC32_CKSUM_LENGTH,
+ 1,
+ k5_crc32_hash
+};
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_gen.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_gen.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_gen.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "sechash.h"
+#include "nss_gen.h"
+#include "aead.h"
+
+krb5_error_code
+k5_nss_gen_hash(HASH_HashType hashType, const krb5_crypto_iov *data,
+ size_t num_data, krb5_data *output)
+{
+ unsigned int i;
+ HASHContext *ctx;
+ krb5_error_code ret;
+
+ ret = k5_nss_init();
+ if (ret) return ret;
+
+ if (output->length != HASH_ResultLen(hashType))
+ return(KRB5_CRYPTO_INTERNAL);
+
+ ctx = HASH_Create(hashType);
+ if (!ctx)
+ return(ENOMEM);
+
+ HASH_Begin(ctx);
+ for (i=0; i < num_data; i++) {
+ const krb5_crypto_iov *iov = &data[i];
+
+ if (iov->data.length && SIGN_IOV(iov))
+ HASH_Update(ctx, (unsigned char *) iov->data.data,
+ iov->data.length);
+ }
+
+ HASH_End(ctx, (unsigned char *)output->data,
+ &output->length, output->length);
+
+ return(0);
+}
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_gen.h
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_gen.h (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_gen.h 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "sechash.h"
+#include "k5-int.h"
+
+krb5_error_code k5_nss_gen_hash(HASH_HashType hashType, unsigned int icount,
+ const krb5_data *input,
+ krb5_data *output);
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_md4.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_md4.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_md4.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "hash_provider.h"
+#include "rsa-md4.h"
+#include "aead.h"
+
+static krb5_error_code
+k5_md4_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ krb5_MD4_CTX ctx;
+ unsigned long i;
+
+ if (output->length != RSA_MD4_CKSUM_LENGTH) {
+ return KRB5_CRYPTO_INTERNAL;
+ }
+
+ krb5int_MD4Init(&ctx);
+ for (i=0; i < num_data; i++) {
+ const krb5_crypto_iov *iov = &data[i];
+
+ if (SIGN_IOV(iov)) {
+ krb5int_MD4Update(&ctx, (unsigned char *)iov->data.data,
+ iov->data.length);
+ }
+ }
+ krb5int_MD4Final(&ctx);
+
+ memcpy(output->data, ctx.digest, RSA_MD4_CKSUM_LENGTH);
+
+ return 0;
+}
+
+const struct krb5_hash_provider krb5int_hash_md4 = {
+ "MD4",
+ RSA_MD4_CKSUM_LENGTH,
+ 64,
+ k5_md4_hash
+};
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_md5.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_md5.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_md5.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "nss_gen.h"
+#include "hash_provider.h"
+
+static krb5_error_code
+k5_md5_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+
+ return k5_nss_gen_hash(HASH_AlgMD5, data, num_data, output);
+}
+
+const struct krb5_hash_provider krb5int_hash_md5 = {
+ "MD5",
+ MD5_LENGTH,
+ 64,
+ k5_md5_hash
+};
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_provider.h
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_provider.h (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_provider.h 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+
+extern const struct krb5_hash_provider krb5int_hash_crc32;
+extern const struct krb5_hash_provider krb5int_hash_md4;
+extern const struct krb5_hash_provider krb5int_hash_md5;
+extern const struct krb5_hash_provider krb5int_hash_sha1;
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_sha1.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_sha1.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/hash_provider/hash_sha1.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "nss_gen.h"
+#include "hash_provider.h"
+
+static krb5_error_code
+k5_sha1_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+
+ return k5_nss_gen_hash(HASH_AlgSHA1, data, num_data, output);
+}
+
+const struct krb5_hash_provider krb5int_hash_sha1 = {
+ "SHA1",
+ SHA1_LENGTH,
+ 64,
+ k5_sha1_hash
+};
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/hmac.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/hmac.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/hmac.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,193 @@
+/* lib/crypto/openssl/hmac.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+
+#include "k5-int.h"
+#include "aead.h"
+#include "nss_gen.h"
+#include "pk11pub.h"
+
+/*
+ * the HMAC transform looks like:
+ *
+ * H(K XOR opad, H(K XOR ipad, text))
+ *
+ * where H is a cryptographic hash
+ * K is an n byte key
+ * ipad is the byte 0x36 repeated blocksize times
+ * opad is the byte 0x5c repeated blocksize times
+ * and text is the data being protected
+ */
+
+static CK_MECHANISM_TYPE
+digest_to_hmac(const struct krb5_hash_provider *hash)
+{
+#ifdef NSS_LOOKUP_STRING
+ SECOidTag hashTag, hmacTag;
+ SECOidData *oid;
+#endif
+
+ /* use strcmp so we don't confuse SHA1 with SHA128 */
+ /* handle the obvious cases first */
+ if (!strcmp(hash->hash_name, "SHA1")) {
+ return CKM_SHA_1_HMAC;
+ }
+ if (!strcmp(hash->hash_name, "MD5")) {
+ return CKM_MD5_HMAC;
+ }
+ /* the following coudes needs HASH_GetHMACOidTagByHashOidTag() to be
+ * exported before it will work */
+#ifdef NSS_LOOKUP_STRING
+ /* See if the currently loaded version of NSS recognizes this hash */
+ hmacTag = SEC_OID_UNKNOWN;
+ for (hashTag=1; (oid=SECOID_FindOIDByTag(hashTag)) != NULL; hashTag++) {
+ if (oid->mechanism == CKM_INVALID_MECHANISM) {
+ continue;
+ }
+ if (!strcasecmp(oid->desc, hash->hash_name)) {
+ continue;
+ }
+ /* now map the hash oid to an hmac oid */
+ hmacTag = HASH_GetHMACOidTagByHashOidTag(hashTag);
+ HASH_GetHMACOidTagByHashOidTag
+ if (hmacTag != SEC_OID_UNKNOWN) {
+ break;
+ }
+ }
+ oid = SECOID_FindOIDByTag(hmacTag);
+ if (oid) {
+ return oid->mechanism;
+ }
+#endif
+ return CKM_INVALID_MECHANISM;
+}
+
+krb5_error_code
+krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output)
+{
+ unsigned int i = 0;
+ CK_MECHANISM_TYPE mech;
+ PK11Context *ctx = NULL;
+ krb5_error_code ret = 0;
+ SECStatus rv;
+ SECItem param;
+
+ if (output->length < hash->hashsize)
+ return(KRB5_BAD_MSIZE);
+
+ mech = digest_to_hmac(hash);
+ if (mech == CKM_INVALID_MECHANISM)
+ return(KRB5_CRYPTO_INTERNAL); // unsupported alg
+
+ ret = k5_nss_gen_import(key, mech, CKA_SIGN);
+ if (ret != 0) {
+ return ret;
+ }
+
+ param.data = NULL;
+ param.len = 0;
+ ctx = k5_nss_create_context(key, mech, CKA_SIGN, ¶m);
+ if (ctx == NULL) {
+ goto fail;
+ }
+
+ rv = PK11_DigestBegin(ctx);
+ if (rv != SECSuccess) goto fail;
+
+ for (i=0; i < num_data; i++) {
+ const krb5_crypto_iov *iov = &data[i];
+
+ if (iov->data.length && SIGN_IOV(iov)) {
+ rv = PK11_DigestOp(ctx,(const unsigned char*)iov->data.data,
+ iov->data.length);
+ if (rv != SECSuccess) goto fail;
+ }
+
+ }
+ rv = PK11_DigestFinal(ctx, (unsigned char *) output->data, &output->length,
+ output->length);
+ ctx = NULL;
+ if (rv != SECSuccess) goto fail;
+
+ return 0;
+fail:
+ ret = k5_nss_map_last_error();
+ if (ctx) {
+ PK11_Finalize(ctx);
+ }
+ return ret;
+}
+
+krb5_error_code
+krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
+ const krb5_keyblock *keyblock,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output)
+{
+ krb5_key key;
+ krb5_error_code code;
+
+ if (keyblock->length > hash->blocksize)
+ return(KRB5_CRYPTO_INTERNAL);
+
+ memset(&key, 0, sizeof(key));
+
+ code = krb5_k_create_key(NULL, keyblock, &key);
+ if (code) {
+ return code;
+ }
+ code = krb5int_hmac(hash, key, data, num_data, output);
+ krb5_k_free_key(NULL, key);
+ return code;
+}
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/md4/ISSUES
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/md4/ISSUES (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/md4/ISSUES 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,3 @@
+Issues to be addressed for src/lib/crypto/md4: -*- text -*-
+�
+Assumes int is >= 32 bits.
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/md4/Makefile.in
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/md4/Makefile.in (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/md4/Makefile.in 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,37 @@
+mydir=lib/crypto/nss/md4
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)
+DEFS=
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=md4
+##DOS##OBJFILE=..\$(OUTPRE)md4.lst
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+STLIBOBJS= md4.o
+
+OBJS= $(OUTPRE)md4.$(OBJEXT)
+
+SRCS= $(srcdir)/md4.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+includes:: depend
+
+depend:: $(SRCS)
+
+
+check-unix::
+
+check-windows::
+
+clean::
+
+clean-unix:: clean-libobjs
+
+ at libobj_frag@
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/md4/deps
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/md4/deps (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/md4/deps 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,13 @@
+#
+# Generated makefile dependencies follow.
+#
+md4.so md4.po $(OUTPRE)md4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h md4.c rsa-md4.h
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/md4/md4.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/md4/md4.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/md4/md4.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,247 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/md4/md4.c
+ */
+
+/*
+**********************************************************************
+** md4.c **
+** RSA Data Security, Inc. MD4 Message Digest Algorithm **
+** Created: 2/17/90 RLR **
+** Revised: 1/91 SRD,AJ,BSK,JT Reference C Version **
+**********************************************************************
+*/
+
+/*
+**********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+** **
+** License to copy and use this software is granted provided that **
+** it is identified as the "RSA Data Security, Inc. MD4 Message **
+** Digest Algorithm" in all material mentioning or referencing this **
+** software or this function. **
+** **
+** License is also granted to make and use derivative works **
+** provided that such works are identified as "derived from the RSA **
+** Data Security, Inc. MD4 Message Digest Algorithm" in all **
+** material mentioning or referencing the derived work. **
+** **
+** RSA Data Security, Inc. makes no representations concerning **
+** either the merchantability of this software or the suitability **
+** of this software for any particular purpose. It is provided "as **
+** is" without express or implied warranty of any kind. **
+** **
+** These notices must be retained in any copies of any part of this **
+** documentation and/or software. **
+**********************************************************************
+*/
+
+#include "k5-int.h"
+#include "rsa-md4.h"
+
+/* forward declaration */
+static void Transform (krb5_ui_4 *, krb5_ui_4 *);
+
+static const unsigned char PADDING[64] = {
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+/* F, G and H are basic MD4 functions: selection, majority, parity */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+
+/* ROTATE_LEFT rotates x left n bits */
+#define ROTATE_LEFT(x, n) ((((x) << (n)) & 0xffffffff) | ((x) >> (32-(n))))
+
+/* FF, GG and HH are MD4 transformations for rounds 1, 2 and 3 */
+/* Rotation is separate from addition to prevent recomputation */
+#define FF(a, b, c, d, x, s) \
+ {(a) += F ((b), (c), (d)) + (x); \
+ (a) &= 0xffffffff; \
+ (a) = ROTATE_LEFT ((a), (s));}
+#define GG(a, b, c, d, x, s) \
+ {(a) += G ((b), (c), (d)) + (x) + 013240474631UL; \
+ (a) &= 0xffffffff; \
+ (a) = ROTATE_LEFT ((a), (s));}
+#define HH(a, b, c, d, x, s) \
+ {(a) += H ((b), (c), (d)) + (x) + 015666365641UL; \
+ (a) &= 0xffffffff; \
+ (a) = ROTATE_LEFT ((a), (s));}
+
+void
+krb5int_MD4Init (krb5_MD4_CTX *mdContext)
+{
+ mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
+
+ /* Load magic initialization constants.
+ */
+ mdContext->buf[0] = 0x67452301UL;
+ mdContext->buf[1] = 0xefcdab89UL;
+ mdContext->buf[2] = 0x98badcfeUL;
+ mdContext->buf[3] = 0x10325476UL;
+}
+
+void
+krb5int_MD4Update (krb5_MD4_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
+{
+ krb5_ui_4 in[16];
+ int mdi;
+ unsigned int i, ii;
+
+ /* compute number of bytes mod 64 */
+ mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+ /* update number of bits */
+ if ((mdContext->i[0] + ((krb5_ui_4)inLen << 3)) < mdContext->i[0])
+ mdContext->i[1]++;
+ mdContext->i[0] += ((krb5_ui_4)inLen << 3);
+ mdContext->i[1] += ((krb5_ui_4)inLen >> 29);
+
+ while (inLen--) {
+ /* add new character to buffer, increment mdi */
+ mdContext->in[mdi++] = *inBuf++;
+
+ /* transform if necessary */
+ if (mdi == 0x40) {
+ for (i = 0, ii = 0; i < 16; i++, ii += 4) {
+ in[i] = load_32_le(mdContext->in+ii);
+ }
+ Transform (mdContext->buf, in);
+ mdi = 0;
+ }
+ }
+}
+
+void
+krb5int_MD4Final (krb5_MD4_CTX *mdContext)
+{
+ krb5_ui_4 in[16];
+ int mdi;
+ unsigned int i, ii;
+ unsigned int padLen;
+
+ /* save number of bits */
+ in[14] = mdContext->i[0];
+ in[15] = mdContext->i[1];
+
+ /* compute number of bytes mod 64 */
+ mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+ /* pad out to 56 mod 64 */
+ padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
+ krb5int_MD4Update (mdContext, PADDING, padLen);
+
+ /* append length in bits and transform */
+ for (i = 0, ii = 0; i < 14; i++, ii += 4)
+ in[i] = load_32_le(mdContext->in+ii);
+ Transform (mdContext->buf, in);
+
+
+ /* store buffer in digest */
+ for (i = 0, ii = 0; i < 4; i++, ii += 4) {
+ store_32_le(mdContext->buf[i], mdContext->digest+ii);
+ }
+}
+
+/* Basic MD4 step. Transform buf based on in.
+ */
+static void Transform (krb5_ui_4 *buf, krb5_ui_4 *in)
+{
+ register krb5_ui_4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
+
+#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
+ int i;
+#define ROTATE { krb5_ui_4 temp; temp = d, d = c, c = b, b = a, a = temp; }
+ for (i = 0; i < 16; i++) {
+ static const unsigned char round1consts[] = { 3, 7, 11, 19, };
+ FF (a, b, c, d, in[i], round1consts[i%4]); ROTATE;
+ }
+ for (i = 0; i < 16; i++) {
+ static const unsigned char round2indices[] = {
+ 0,4,8,12,1,5,9,13,2,6,10,14,3,7,11,15
+ };
+ static const unsigned char round2consts[] = { 3, 5, 9, 13 };
+ GG (a, b, c, d, in[round2indices[i]], round2consts[i%4]); ROTATE;
+ }
+ for (i = 0; i < 16; i++) {
+ static const unsigned char round3indices[] = {
+ 0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15
+ };
+ static const unsigned char round3consts[] = { 3, 9, 11, 15 };
+ HH (a, b, c, d, in[round3indices[i]], round3consts[i%4]); ROTATE;
+ }
+#else
+ /* Round 1 */
+ FF (a, b, c, d, in[ 0], 3);
+ FF (d, a, b, c, in[ 1], 7);
+ FF (c, d, a, b, in[ 2], 11);
+ FF (b, c, d, a, in[ 3], 19);
+ FF (a, b, c, d, in[ 4], 3);
+ FF (d, a, b, c, in[ 5], 7);
+ FF (c, d, a, b, in[ 6], 11);
+ FF (b, c, d, a, in[ 7], 19);
+ FF (a, b, c, d, in[ 8], 3);
+ FF (d, a, b, c, in[ 9], 7);
+ FF (c, d, a, b, in[10], 11);
+ FF (b, c, d, a, in[11], 19);
+ FF (a, b, c, d, in[12], 3);
+ FF (d, a, b, c, in[13], 7);
+ FF (c, d, a, b, in[14], 11);
+ FF (b, c, d, a, in[15], 19);
+
+ /* Round 2 */
+ GG (a, b, c, d, in[ 0], 3);
+ GG (d, a, b, c, in[ 4], 5);
+ GG (c, d, a, b, in[ 8], 9);
+ GG (b, c, d, a, in[12], 13);
+ GG (a, b, c, d, in[ 1], 3);
+ GG (d, a, b, c, in[ 5], 5);
+ GG (c, d, a, b, in[ 9], 9);
+ GG (b, c, d, a, in[13], 13);
+ GG (a, b, c, d, in[ 2], 3);
+ GG (d, a, b, c, in[ 6], 5);
+ GG (c, d, a, b, in[10], 9);
+ GG (b, c, d, a, in[14], 13);
+ GG (a, b, c, d, in[ 3], 3);
+ GG (d, a, b, c, in[ 7], 5);
+ GG (c, d, a, b, in[11], 9);
+ GG (b, c, d, a, in[15], 13);
+
+ /* Round 3 */
+ HH (a, b, c, d, in[ 0], 3);
+ HH (d, a, b, c, in[ 8], 9);
+ HH (c, d, a, b, in[ 4], 11);
+ HH (b, c, d, a, in[12], 15);
+ HH (a, b, c, d, in[ 2], 3);
+ HH (d, a, b, c, in[10], 9);
+ HH (c, d, a, b, in[ 6], 11);
+ HH (b, c, d, a, in[14], 15);
+ HH (a, b, c, d, in[ 1], 3);
+ HH (d, a, b, c, in[ 9], 9);
+ HH (c, d, a, b, in[ 5], 11);
+ HH (b, c, d, a, in[13], 15);
+ HH (a, b, c, d, in[ 3], 3);
+ HH (d, a, b, c, in[11], 9);
+ HH (c, d, a, b, in[ 7], 11);
+ HH (b, c, d, a, in[15], 15);
+#endif
+
+ buf[0] += a;
+ buf[1] += b;
+ buf[2] += c;
+ buf[3] += d;
+}
+
+/*
+**********************************************************************
+** End of md4.c **
+******************************* (cut) ********************************
+*/
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/md4/rsa-md4.h
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/md4/rsa-md4.h (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/md4/rsa-md4.h 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,95 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/md4/rsa-md4.h
+ *
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * RSA MD4 header file, with Kerberos/STDC additions.
+ */
+
+#ifndef __KRB5_RSA_MD4_H__
+#define __KRB5_RSA_MD4_H__
+
+#ifdef unicos61
+#include <sys/types.h>
+#endif /* unicos61 */
+
+/* 16 u_char's in the digest */
+#define RSA_MD4_CKSUM_LENGTH 16
+/* des blocksize is 8, so this works nicely... */
+#define OLD_RSA_MD4_DES_CKSUM_LENGTH 16
+#define NEW_RSA_MD4_DES_CKSUM_LENGTH 24
+#define RSA_MD4_DES_CONFOUND_LENGTH 8
+
+/*
+**********************************************************************
+** md4.h -- Header file for implementation of MD4 **
+** RSA Data Security, Inc. MD4 Message Digest Algorithm **
+** Created: 2/17/90 RLR **
+** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version **
+**********************************************************************
+*/
+
+/*
+**********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+** **
+** License to copy and use this software is granted provided that **
+** it is identified as the "RSA Data Security, Inc. MD4 Message **
+** Digest Algorithm" in all material mentioning or referencing this **
+** software or this function. **
+** **
+** License is also granted to make and use derivative works **
+** provided that such works are identified as "derived from the RSA **
+** Data Security, Inc. MD4 Message Digest Algorithm" in all **
+** material mentioning or referencing the derived work. **
+** **
+** RSA Data Security, Inc. makes no representations concerning **
+** either the merchantability of this software or the suitability **
+** of this software for any particular purpose. It is provided "as **
+** is" without express or implied warranty of any kind. **
+** **
+** These notices must be retained in any copies of any part of this **
+** documentation and/or software. **
+**********************************************************************
+*/
+
+/* Data structure for MD4 (Message Digest) computation */
+typedef struct {
+ krb5_ui_4 i[2]; /* number of _bits_ handled mod 2^64 */
+ krb5_ui_4 buf[4]; /* scratch buffer */
+ unsigned char in[64]; /* input buffer */
+ unsigned char digest[16]; /* actual digest after MD4Final call */
+} krb5_MD4_CTX;
+
+extern void krb5int_MD4Init(krb5_MD4_CTX *);
+extern void krb5int_MD4Update(krb5_MD4_CTX *, const unsigned char *, unsigned int);
+extern void krb5int_MD4Final(krb5_MD4_CTX *);
+
+/*
+**********************************************************************
+** End of md4.h **
+******************************* (cut) ********************************
+*/
+#endif /* __KRB5_RSA_MD4_H__ */
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/md5/Makefile.in
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/md5/Makefile.in (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/md5/Makefile.in 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,37 @@
+mydir=lib/crypto/nss/md5
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+DEFS=
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=md5
+##DOS##OBJFILE=..\$(OUTPRE)md5.lst
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+LOCALINCLUDES = -I.. @CRYPTO_IMPL_CFLAGS@
+
+
+STLIBOBJS= md5.o
+
+OBJS= $(OUTPRE)md5.$(OBJEXT)
+
+SRCS= $(srcdir)/md5.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+includes:: depend
+
+depend:: $(SRCS)
+
+check-unix::
+
+check-windows::
+
+clean::
+
+clean-unix:: clean-libobjs
+
+ at libobj_frag@
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/md5/deps
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/md5/deps (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/md5/deps 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+md5.so md5.po $(OUTPRE)md5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h $(srcdir)/md5.c \
+ $(srcdir)/rsa-md5.h
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/md5/md5.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/md5/md5.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/md5/md5.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,81 @@
+/* lib/crypto/openssl/md5/md5.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "rsa-md5.h"
+#include "pk11pub.h"
+#include "nss_gen.h"
+
+
+/* The routine krb5int_MD5Init initializes the message-digest context
+ mdContext.
+ */
+void
+krb5int_MD5Init (krb5_MD5_CTX *mdContext)
+{
+ if (k5_nss_init()) {
+ mdContext->nss_ctxt = NULL;
+ return;
+ }
+ mdContext->nss_ctxt = PK11_CreateDigestContext(SEC_OID_MD5);
+ if (mdContext->nss_ctxt == NULL) {
+ return;
+ }
+ PK11_DigestBegin((PK11Context *)mdContext->nss_ctxt);
+}
+
+/* The routine krb5int_MD5Update updates the message-digest context to
+ account for the presence of each of the characters inBuf[0..inLen-1]
+ in the message whose digest is being computed.
+ */
+void
+krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
+{
+ if (mdContext->nss_ctxt == NULL) {
+ return;
+ }
+ PK11_DigestOp((PK11Context *)mdContext->nss_ctxt, inBuf, inLen);
+}
+
+/* The routine krb5int_MD5Final terminates the message-digest computation and
+ ends with the desired message digest in mdContext->digest[0...15].
+ */
+void
+krb5int_MD5Final (krb5_MD5_CTX *mdContext)
+{
+ unsigned int digestLength;
+
+ if (mdContext->nss_ctxt == NULL) {
+ return;
+ }
+ PK11_DigestFinal((PK11Context *)mdContext->nss_ctxt, mdContext->digest,
+ &digestLength, sizeof (mdContext->digest));
+ /* since there is not separate cleanup step, free the context now.
+ * (otherwise we could have reused the context for another MD5 operation
+ * in the future).
+ */
+ PK11_DestroyContext((PK11Context *)mdContext->nss_ctxt, PR_TRUE);
+ mdContext->nss_ctxt = NULL;
+}
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/md5/rsa-md5.h
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/md5/rsa-md5.h (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/md5/rsa-md5.h 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,88 @@
+/* lib/crypto/openssl/md5/rsa-md5.h
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ ***********************************************************************
+ ** md5.h -- header file for implementation of MD5 **
+ ** RSA Data Security, Inc. MD5 Message-Digest Algorithm **
+ ** Created: 2/17/90 RLR **
+ ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version **
+ ** Revised (for MD5): RLR 4/27/91 **
+ ** -- G modified to have y&~z instead of y&z **
+ ** -- FF, GG, HH modified to add in last register done **
+ ** -- Access pattern: round 2 works mod 5, round 3 works mod 3 **
+ ** -- distinct additive constant for each step **
+ ** -- round 4 added, working mod 7 **
+ ***********************************************************************
+ */
+
+/*
+ ***********************************************************************
+ ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+ ** **
+ ** License to copy and use this software is granted provided that **
+ ** it is identified as the "RSA Data Security, Inc. MD5 Message- **
+ ** Digest Algorithm" in all material mentioning or referencing this **
+ ** software or this function. **
+ ** **
+ ** License is also granted to make and use derivative works **
+ ** provided that such works are identified as "derived from the RSA **
+ ** Data Security, Inc. MD5 Message-Digest Algorithm" in all **
+ ** material mentioning or referencing the derived work. **
+ ** **
+ ** RSA Data Security, Inc. makes no representations concerning **
+ ** either the merchantability of this software or the suitability **
+ ** of this software for any particular purpose. It is provided "as **
+ ** is" without express or implied warranty of any kind. **
+ ** **
+ ** These notices must be retained in any copies of any part of this **
+ ** documentation and/or software. **
+ ***********************************************************************
+ */
+
+
+#ifndef KRB5_RSA_MD5__
+#define KRB5_RSA_MD5__
+
+/* Data structure for MD5 (Message-Digest) computation */
+typedef struct {
+ void *nss_ctxt;
+ krb5_int32 * digest_len;
+ krb5_ui_4 i[2]; /* number of _bits_ handled mod 2^64 */
+ krb5_ui_4 buf[4]; /* scratch buffer */
+ unsigned char in[64]; /* input buffer */
+ unsigned char digest[16]; /* actual digest after MD5Final call */
+} krb5_MD5_CTX;
+
+extern void krb5int_MD5Init(krb5_MD5_CTX *);
+extern void krb5int_MD5Update(krb5_MD5_CTX *,const unsigned char *,unsigned int);
+extern void krb5int_MD5Final(krb5_MD5_CTX *);
+
+#define RSA_MD5_CKSUM_LENGTH 16
+#define OLD_RSA_MD5_DES_CKSUM_LENGTH 16
+#define NEW_RSA_MD5_DES_CKSUM_LENGTH 24
+#define RSA_MD5_DES_CONFOUND_LENGTH 8
+
+#endif /* KRB5_RSA_MD5__ */
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/nss_gen.h
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/nss_gen.h (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/nss_gen.h 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,97 @@
+/*
+ *
+ * Copyright (C) 2003, 2007, 2008, 2009 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2010 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "pkcs11t.h"
+#include "sechash.h"
+#include "secmodt.h"
+
+/* 512 bits is bigger than anything defined to date */
+#define MAX_KEY_LENGTH 64
+#define MAX_BLOCK_SIZE 64
+
+/*
+ * common nss utils
+ */
+/* Make sure NSS is properly initialized */
+krb5_error_code k5_nss_init(void);
+
+/* import a key into NSS and store the handle in krb5_key */
+krb5_error_code
+k5_nss_gen_import(krb5_key key, CK_MECHANISM_TYPE mech,
+ CK_ATTRIBUTE_TYPE operation);
+/* clean up an imported key */
+void
+k5_nss_gen_cleanup(krb5_key key);
+
+/* create a new crypto/hash/sign context from a krb5_key */
+PK11Context *
+k5_nss_create_context(krb5_key krb_key, CK_MECHANISM_TYPE mechanism,
+ CK_ATTRIBUTE_TYPE operation, SECItem * param);
+
+/* mapp and NSS error into a krb5_error_code */
+krb5_error_code k5_nss_map_error (int nss_error);
+krb5_error_code k5_nss_map_last_error (void);
+
+
+/*
+ * common encryption functions
+ */
+/* encrypt/decrypt block modes except cts using iov */
+krb5_error_code
+k5_nss_gen_block_iov(krb5_key key, CK_MECHANISM_TYPE mech,
+ CK_ATTRIBUTE_TYPE operation,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data);
+/* encrypt/decrypt stream modes using iov */
+krb5_error_code
+k5_nss_gen_stream_iov(krb5_key key, krb5_data *state,
+ CK_MECHANISM_TYPE mech,
+ CK_ATTRIBUTE_TYPE operation,
+ krb5_crypto_iov *data,
+ size_t num_data);
+/* encrypt/decrypt block modes using cts */
+krb5_error_code
+k5_nss_gen_cts_iov(krb5_key key, CK_MECHANISM_TYPE mech,
+ CK_ATTRIBUTE_TYPE operation,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data);
+
+/* stream state management calls */
+krb5_error_code
+k5_nss_stream_init_state(krb5_data *new_state);
+krb5_error_code
+k5_nss_stream_free_state(krb5_data *state);
+
+/*
+ * common hash functions
+ */
+/* all hash modes */
+krb5_error_code
+k5_nss_gen_hash(HASH_HashType hashType, const krb5_crypto_iov *data,
+ size_t num_data, krb5_data *output);
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/pbkdf2.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/pbkdf2.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/pbkdf2.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,117 @@
+/*
+ * lib/crypto/nss/pbkdf2.c
+ *
+ * Copyright 2002, 2008, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Implementation of PBKDF2 from RFC 2898.
+ * Not currently used; likely to be used when we get around to AES support.
+ */
+
+#include <ctype.h>
+#include "k5-int.h"
+#include "hash_provider.h"
+#include "pk11pub.h"
+#include "nss_gen.h"
+
+
+krb5_error_code
+krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
+ const krb5_data *pass, const krb5_data *salt)
+{
+
+ PK11SlotInfo *slot = NULL;
+ SECAlgorithmID *algid = NULL;
+ PK11SymKey *symKey = NULL;
+ SECItem saltItem, pwItem;
+ const SECItem *keydata = NULL;
+ SECOidTag pbeAlg = SEC_OID_PKCS5_PBKDF2;
+ SECOidTag cipherAlg = SEC_OID_AES_256_CBC;
+ SECOidTag prfAlg = SEC_OID_HMAC_SHA1;
+ krb5_error_code ret;
+
+ ret = k5_nss_init();
+ if (ret) return ret;
+
+ slot = PK11_GetBestSlot(PK11_AlgtagToMechanism(pbeAlg), NULL);
+ if (slot == NULL) {
+ return k5_nss_map_last_error();
+ }
+
+ saltItem.type = siBuffer;
+ saltItem.data = (unsigned char *)salt->data;
+ saltItem.len = salt->length;
+
+ /* PKCS 5 was designed to be DER encoded. Algid's carry all the
+ * information needed to describe the encoding the the recipient.
+ * This usually allows for crypto agility in the protocol automatically.
+ * Kerberos already had to solve it's crypto agility issues, so the
+ * algid is just and extra step we need that we will throw away */
+ algid = PK11_CreatePBEV2AlgorithmID(pbeAlg, cipherAlg, prfAlg,
+ out->length, count, &saltItem);
+ if (algid == NULL) {
+ ret = k5_nss_map_last_error();
+ goto loser;
+ }
+
+ pwItem.type = siBuffer;
+ pwItem.data = (unsigned char *)pass->data;
+ pwItem.len = pass->length;
+
+ symKey = PK11_PBEKeyGen(slot, algid, &pwItem, PR_FALSE, NULL);
+ if (symKey == NULL) {
+ ret = k5_nss_map_last_error();
+ goto loser;
+ }
+ /* at this point we should return symKey as a key, but kerberos is
+ * still passing bits around instead of key handles */
+ PK11_ExtractKeyValue(symKey);
+
+ /* keydata here is a const * and is valid as long as the key has not been
+ * destroyed. */
+ keydata = PK11_GetKeyData(symKey);
+ if (keydata == NULL) {
+ ret = k5_nss_map_last_error();
+ goto loser;
+ }
+
+ if (out->length != keydata->len) {
+ ret = -1; /* XXXXX */
+ goto loser;
+ }
+ memcpy(out->data, keydata->data, keydata->len);
+ ret = 0;
+
+loser:
+ if (symKey) {
+ PK11_FreeSymKey(symKey);
+ }
+ if (algid) {
+ SECOID_DestroyAlgorithmID(algid, PR_TRUE);
+ }
+ if (slot) {
+ PK11_FreeSlot(slot);
+ }
+
+ return ret;
+}
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/Makefile.in
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/Makefile.in (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/Makefile.in 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,32 @@
+mydir=lib/crypto/nss/sha1
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+DEFS=
+LOCALINCLUDES = -I.. @CRYPTO_IMPL_CFLAGS@
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=sha1
+##DOS##OBJFILE=..\$(OUTPRE)sha1.lst
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+STLIBOBJS= shs.o
+
+OBJS= $(OUTPRE)shs.$(OBJEXT)
+
+SRCS= $(srcdir)/shs.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+includes:: depend
+
+depend:: $(SRCS)
+
+clean::
+
+clean-unix:: clean-libobjs
+
+ at libobj_frag@
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/deps
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/deps (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/deps 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+shs.so shs.po $(OUTPRE)shs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h $(srcdir)/shs.c \
+ $(srcdir)/shs.h
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/shs.c
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/shs.c (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/shs.c 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,71 @@
+/* lib/crypto/openssl/sha1/shs.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "shs.h"
+#include "pk11pub.h"
+#include "nss_gen.h"
+
+/* Initialize the SHS values */
+void shsInit(SHS_INFO *shsInfo)
+{
+ if (k5_nss_init()) {
+ shsInfo->nss_ctxt = NULL;
+ return;
+ }
+ shsInfo->nss_ctxt = PK11_CreateDigestContext(SEC_OID_SHA1);
+ if (shsInfo->nss_ctxt == NULL) {
+ return;
+ }
+ PK11_DigestBegin((PK11Context *)shsInfo->nss_ctxt);
+}
+
+/* Update SHS for a block of data */
+void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count)
+{
+ if (shsInfo->nss_ctxt == NULL) {
+ return;
+ }
+ PK11_DigestOp((PK11Context *)shsInfo->nss_ctxt, buffer, count);
+}
+
+
+/* Final wrapup - pad to SHS_DATASIZE-byte boundary with the bit pattern
+ 1 0* (64-bit count of bits processed, MSB-first) */
+void shsFinal(SHS_INFO *shsInfo)
+{
+ if (shsInfo->nss_ctxt == NULL) {
+ return;
+ }
+ PK11_DigestFinal((PK11Context *)shsInfo->nss_ctxt, shsInfo->digestBuf,
+ &shsInfo->digestLen, sizeof (shsInfo->digestBuf));
+ /* since there is not separate cleanup step, free the context now.
+ * (otherwise we could have reused the context for another MD5 operation
+ * in the future).
+ */
+ PK11_DestroyContext((PK11Context *)shsInfo->nss_ctxt, PR_TRUE);
+ shsInfo->nss_ctxt = NULL;
+}
+
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/shs.h
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/shs.h (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/sha1/shs.h 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,45 @@
+#ifndef _SHS_DEFINED
+
+#include "k5-int.h"
+
+#define _SHS_DEFINED
+
+/* Some useful types */
+
+typedef krb5_octet SHS_BYTE;
+typedef krb5_ui_4 SHS_LONG;
+
+/* Define the following to use the updated SHS implementation */
+#define NEW_SHS /**/
+
+/* The SHS block size and message digest sizes, in bytes */
+
+#define SHS_DATASIZE 64
+#define SHS_DIGESTSIZE 20
+
+/* The structure for storing SHS info */
+
+typedef struct {
+ void *nss_ctxt;
+ unsigned char digestBuf[SHS_DIGESTSIZE]; /* output */
+ unsigned int digestLen; /* output */
+} SHS_INFO;
+
+/* Message digest functions (shs.c) */
+void shsInit(SHS_INFO *shsInfo);
+void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count);
+void shsFinal(SHS_INFO *shsInfo);
+
+
+/* Keyed Message digest functions (hmac_sha.c) */
+krb5_error_code hmac_sha(krb5_octet *text,
+ int text_len,
+ krb5_octet *key,
+ int key_len,
+ krb5_octet *digest);
+
+
+#define NIST_SHA_CKSUM_LENGTH SHS_DIGESTSIZE
+#define HMAC_SHA_CKSUM_LENGTH SHS_DIGESTSIZE
+
+#endif /* _SHS_DEFINED */
Added: branches/krb5-1-8-nss/src/lib/crypto/nss/yhash.h
===================================================================
--- branches/krb5-1-8-nss/src/lib/crypto/nss/yhash.h (rev 0)
+++ branches/krb5-1-8-nss/src/lib/crypto/nss/yhash.h 2010-07-26 21:28:49 UTC (rev 24212)
@@ -0,0 +1,29 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/hash/yhash.h
+ */
+
+#ifndef YHASH_H
+#define YHASH_H
+
+/* hash function interface */
+
+/* default to SHA1 for yarrow 160 */
+
+#include "shs.h"
+
+
+#define HASH_CTX SHS_INFO
+#define HASH_Init(x) shsInit(x)
+#define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
+
+#define HASH_Final(x, tdigest) do { \
+ int loopvar; \
+ unsigned char *out2 = (void *)(tdigest); \
+ HASH_CTX *ctx = (x); \
+ shsFinal(ctx); \
+ memcpy(out2, ctx->digestBuf, ctx->digestLen); \
+ } while(0)
+
+#define HASH_DIGEST_SIZE SHS_DIGESTSIZE
+
+#endif /* YHASH_H */
More information about the cvs-krb5
mailing list