diff --git a/Makefile.in b/Makefile.in index 479fa4b22f..56acadfbe1 100644 --- a/Makefile.in +++ b/Makefile.in @@ -168,6 +168,9 @@ cmd: comerr hcrypto: config $(DIR_roken) +${COMPILE_PART1} crypto/hcrypto ${COMPILE_PART2} +rfc3961: config hcrypto + +${COMPILE_PART1} crypto/rfc3961 ${COMPILE_PART2} + lwp: util lwp_depinstall +${COMPILE_PART1} lwp ${COMPILE_PART2} @@ -479,7 +482,7 @@ ${DEST}/bin/dedebug: dedebug # # libafs build targets # -libafs: config export hcrypto lwp_depinstall \ +libafs: config export rfc3961 hcrypto lwp_depinstall \ rx_depinstall vlserver_depinstall tvlserver_depinstall \ rxkad_depinstall fsint_depinstall \ libacl_depinstall afs_depinstall dir_depinstall \ @@ -668,7 +671,7 @@ build_tools: config des comerr rxgen finale: project cmd comerr afsd butc tbutc tbudb @ENABLE_KERNEL_MODULE@ libuafs audit kauth log \ ptserver tptserver scout bu_utils ubik uss bozo @VFSCK@ volser tvolser tsalvaged \ dviced dvolser \ - venus update xstat afsmonitor rxdebug libafsrpc hcrypto \ + venus update xstat afsmonitor rxdebug libafsrpc rfc3961 hcrypto \ libafsauthent shlibafsrpc shlibafsauthent libadmin man-pages \ platform kopenafs authtools $(DIR_roken) +${COMPILE_PART1} finale ${COMPILE_PART2} @@ -676,7 +679,7 @@ finale: project cmd comerr afsd butc tbutc tbudb @ENABLE_KERNEL_MODULE@ libuafs finale_nolibafs: project cmd comerr afsd butc tbutc tbudb libuafs audit kauth log \ ptserver tptserver scout bu_utils ubik tubik uss bozo @VFSCK@ volser tvolser tsalvaged \ dviced dvolser \ - venus update xstat afsmonitor rxdebug libafsrpc hcrypto \ + venus update xstat afsmonitor rxdebug libafsrpc rfc3961 hcrypto \ libafsauthent shlibafsrpc shlibafsauthent libadmin man-pages \ platform kopenafs authtools $(DIR_roken) +${COMPILE_PART1} finale ${COMPILE_PART2} 
@@ -793,6 +796,7 @@ clean2: -${COMPILE_PART1} tests ${COMPILE_CLEAN} -${COMPILE_PART1} crypto/hcrypto ${COMPILE_CLEAN} -${COMPILE_PART1} roken ${COMPILE_CLEAN} + -${COMPILE_PART1} crypto/rfc3961 ${COMPILE_CLEAN} -(cd src/libafs; /bin/rm -rf afs afsint config rx) -(cd src/libuafs; /bin/rm -rf afs afsint config rx) -/bin/rm -rf ${TOP_INCDIR} ${TOP_LIBDIR} ${TOP_JLIBDIR} @@ -837,6 +841,7 @@ distclean: clean src/config/shlib-build \ src/config/shlib-install \ src/crypto/hcrypto/Makefile \ + src/crypto/rfc3961/Makefile \ src/dir/Makefile \ src/dir/test/Makefile \ src/dviced/Makefile \ diff --git a/configure.ac b/configure.ac index 08e80cc4f3..ab207c66d9 100644 --- a/configure.ac +++ b/configure.ac @@ -143,6 +143,7 @@ src/config/Makefile.version-NOCML \ src/config/shlib-build \ src/config/shlib-install \ src/crypto/hcrypto/Makefile \ +src/crypto/rfc3961/Makefile \ src/dir/Makefile \ src/dir/test/Makefile \ src/dviced/Makefile \ diff --git a/src/crypto/hcrypto/kernel/alloc.c b/src/crypto/hcrypto/kernel/alloc.c index 7ec6029037..158d3bd75a 100644 --- a/src/crypto/hcrypto/kernel/alloc.c +++ b/src/crypto/hcrypto/kernel/alloc.c 
@@ -50,3 +50,35 @@ _afscrypto_free(void *ptr) if (ptr != NULL) afs_osi_Free(ptr, 0); } + +char* +_afscrypto_strdup(const char *str) { + char *ptr; + + ptr = malloc(strlen(str)); + if (ptr == NULL) + return ptr; + memcpy(ptr, str, strlen(str)); + + return ptr; +} + +/* This is a horrible, horrible bodge, but the crypto code uses realloc, + * so we need to handle it too. + * + * There are two different call sites for realloc. Firstly, it's used + * in the decrypt case to shrink the size of the allotted buffer. In + * this case, we can just ignore the realloc and return the original + * pointer. + * + * Secondly, it's used when computing derived keys. In this case, the + * first call will be with a NULL input, and the size of a single + * derived key. So, we just give back space for 20 keys, and pray. + */ + +void * +_afscrypto_realloc(void *ptr, size_t len) { + if (ptr == NULL) + return calloc(20, len); + return ptr; +} diff --git a/src/crypto/hcrypto/kernel/config.h b/src/crypto/hcrypto/kernel/config.h index 0d7adb1f95..8aa71ce8d7 100644 --- a/src/crypto/hcrypto/kernel/config.h +++ b/src/crypto/hcrypto/kernel/config.h @@ -40,3 +40,9 @@ void * _afscrypto_malloc(size_t); #define free _afscrypto_free void _afscrypto_free(void *); + +#define strdup _afscrypto_strdup +char * _afscrypto_strdup(const char *); + +#define realloc _afscrypto_realloc +void * _afscrypto_realloc(void *, size_t); diff --git a/src/crypto/rfc3961/Makefile.in b/src/crypto/rfc3961/Makefile.in new file mode 100644 index 0000000000..9b276fc1bd --- /dev/null +++ b/src/crypto/rfc3961/Makefile.in 
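Review bot: `_afscrypto_strdup` in alloc.c allocates and copies exactly `strlen(str)` bytes, so the result has neither room for nor a copy of the terminating NUL, and any consumer that treats it as a C string will read past the allocation. Size the buffer once and copy the terminator with it: `size_t len = strlen(str) + 1;`, `ptr = malloc(len);`, `memcpy(ptr, str, len);`. In the same hunk `_afscrypto_realloc` ignores `len` whenever `ptr` is non-NULL, so, going by its own comment, the derived-key array is fixed at 20 entries and a later, larger request returns a buffer smaller than the caller believes it has. In what the path suggests is kernel code, that overrun is heap corruption, so the limit should be enforced where the count is known rather than left to the comment. It is also worth confirming that `calloc` resolves to a kernel allocator here, since only the `malloc` and `free` wrappers are visible in config.h.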
@@ -0,0 +1,24 @@ +# Copyright 2010, Your File System Inc +# All Rights Reserved +# +# This software is released under the terms of the two clause BSD +# License. For details, see the LICENSE file at the top level of +# this distribution. + +srcdir=@srcdir@ +include @TOP_OBJDIR@/src/config/Makefile.config +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ + +all: ${TOP_INCDIR}/afs/rfc3961.h + +${TOP_INCDIR}/afs/rfc3961.h: rfc3961.h + ${INSTALL_DATA} $? $@ + +install: + +dest: + +clean: diff --git a/src/crypto/rfc3961/context.c b/src/crypto/rfc3961/context.c new file mode 100644 index 0000000000..b5023cbc05 --- /dev/null +++ b/src/crypto/rfc3961/context.c @@ -0,0 +1,8 @@ +/* Functions for handling the Kerberos context. For now, these are no-ops */ + +#include + +int +krb5_init_context(krb5_context *ctx) { + return; +} diff --git a/src/crypto/rfc3961/copy.c b/src/crypto/rfc3961/copy.c new file mode 100644 index 0000000000..0aaa6b0996 --- /dev/null +++ b/src/crypto/rfc3961/copy.c @@ -0,0 +1,30 @@ +/* A couple of copying functions which are required by the Heimdal crypto code, + * but where pulling in the whole Heimdal source file containing them leads + * to unecessary complexity */ + +#include + +int +der_copy_octet_string (const krb5_data *from, krb5_data *to) +{ + to->length = from->length; + to->data = malloc(to->length); + if(to->length != 0 && to->data == NULL) + return ENOMEM; + memcpy(to->data, from->data, to->length); + return 0; +} + +int +copy_EncryptionKey(const krb5_keyblock *from, krb5_keyblock *to) +{ + memset(to, 0, sizeof(*to)); + to->keytype = from->keytype; + return der_copy_octet_string(&from->keyvalue, &to->keyvalue); +} + +void +free_Checksum(Checksum *data) +{ + krb5_data_free(&data->checksum); +} diff --git a/src/crypto/rfc3961/kernel/algs.c b/src/crypto/rfc3961/kernel/algs.c new file mode 100644 index 0000000000..a623a5ff1d --- /dev/null 
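Review bot: `krb5_init_context` in context.c is declared to return `int` but ends with a bare `return;`, so a caller testing the result as a krb5_error_code sees an indeterminate value, and `*ctx` is never written. A no-op stub should still report success and leave the handle defined: `*ctx = NULL;` followed by `return 0;`. The header comment could then say explicitly that the context is always NULL and is not dereferenced by this library, if that is the intent.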
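Review bot: `der_copy_octet_string` in copy.c assigns `to->length` before the allocation is checked, so on the ENOMEM path the destination is left with a non-zero length and a NULL `data` pointer. `copy_EncryptionKey` passes that result straight back, which leaves a keyblock that looks populated to any cleanup or caller that inspects only `length`. Resetting the field on failure keeps the structure consistent: `if (to->length != 0 && to->data == NULL) { to->length = 0; return ENOMEM; }`.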
+++ b/src/crypto/rfc3961/kernel/algs.c 
@@ -0,0 +1,45 @@ +/* + * Copyright (c) 2010 Your Filesystem Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* Algorithm list for the in-kernel hcrypto implementation. We use a really cut + * down list of algorithms, to reduce the code-footprint of our kernel module. + */ + +#include "krb5_locl.h" + +struct checksum_type *_krb5_checksum_types[] = { + &_krb5_checksum_sha1, + &_krb5_checksum_hmac_sha1_aes128, + &_krb5_checksum_hmac_sha1_aes256, +}; + +int _krb5_num_checksums + = sizeof(_krb5_checksum_types) / sizeof(_krb5_checksum_types[0]); + +struct encryption_type *_krb5_etypes[] = { + &_krb5_enctype_aes256_cts_hmac_sha1, + &_krb5_enctype_aes128_cts_hmac_sha1, +}; + +int _krb5_num_etypes = sizeof(_krb5_etypes) / sizeof(_krb5_etypes[0]); 
diff --git a/src/crypto/rfc3961/kernel/random.c b/src/crypto/rfc3961/kernel/random.c new file mode 100644 index 0000000000..df1efa8685 --- /dev/null +++ b/src/crypto/rfc3961/kernel/random.c @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2010 Your Filesystem Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include "afs/param.h" +#include "afs/stds.h" +#include "afs/sysincludes.h" +#include "afsincludes.h" + +#include "rfc3961.h" + +krb5_error_code +krb5_generate_random_block(void *buf, size_t len) +{ + return osi_readRandom(buf, len); +} diff --git a/src/crypto/rfc3961/krb5_locl.h b/src/crypto/rfc3961/krb5_locl.h new file mode 100644 index 0000000000..5c4af4b981 --- /dev/null +++ b/src/crypto/rfc3961/krb5_locl.h 
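Review bot: `krb5_generate_random_block` in random.c returns the result of `osi_readRandom` directly as a `krb5_error_code`, but the return convention of `osi_readRandom` is not visible in this hunk. If it can fail or fill fewer than `len` bytes, the buffer would be consumed as random material while still holding its previous contents, so the mapping should be made explicit and documented, for example with `/* Returns 0 on success; on any other value buf must not be used as key or confounder material. */` above the function. If the imported crypto code calls this function without checking a result, the error is dropped silently, so those call sites are worth checking as part of this change.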
@@ -0,0 +1,198 @@ +/* This is a shim header that's included by crypto.c, and turns it into + * something that we can actually build on its own. + */ + +#ifdef KERNEL + +#include "config.h" + +#else + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#endif + +#include +#include + +#include "rfc3961.h" + +#ifndef KERNEL +# define HEIMDAL_MUTEX pthread_mutex_t +# define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER +# define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL) +# define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m) +# define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m) +# define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m) +#endif + +#define HEIMDAL_SMALLER 1 +#define HEIM_CRYPTO_NO_TRIPLE_DES +#define HEIM_CRYPTO_NO_ARCFOUR +#define HEIM_CRYPTO_NO_PK + +#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) + +#ifndef max +#define max(a,b) (((a)>(b))?(a):(b)) +#endif + +#ifndef O_BINARY +#define O_BINARY 0 +#endif + +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + +typedef int krb5_boolean; +typedef ssize_t krb5_ssize_t; + +#define KRB5_KU_AS_REP_ENC_PART 3 +#define KRB5_KU_USAGE_SEAL 22 +#define KRB5_KU_USAGE_SIGN 23 +#define KRB5_KU_USAGE_SEQ 24 + +#define TRUE 1 +#define FALSE 0 + +/* From the ASN.1 */ + +typedef struct EncryptedData { + int etype; + int *kvno; + heim_octet_string cipher; +} EncryptedData; + +typedef enum krb5_salttype { + KRB5_PW_SALT = 3, + KRB5_AFS3_SALT = 10 +} krb5_salttype; + +typedef enum krb5_keytype { + KEYTYPE_NULL = 0, + KEYTYPE_DES = 1, + KEYTYPE_DES3 = 7, + KEYTYPE_AES128 = 17, + KEYTYPE_AES256 = 18, + KEYTYPE_ARCFOUR = 23, + KEYTYPE_ARCFOUR_56 = 24 +} krb5_keytype; + +typedef struct krb5_salt { + krb5_salttype salttype; + krb5_data saltvalue; +} krb5_salt; + +typedef struct krb5_crypto_iov { + unsigned int flags; + /* ignored */ +#define KRB5_CRYPTO_TYPE_EMPTY 0 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */ +#define KRB5_CRYPTO_TYPE_HEADER 1 + /* IN and 
OUT */ +#define KRB5_CRYPTO_TYPE_DATA 2 + /* IN */ +#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3 + /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */ +#define KRB5_CRYPTO_TYPE_PADDING 4 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */ +#define KRB5_CRYPTO_TYPE_TRAILER 5 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */ +#define KRB5_CRYPTO_TYPE_CHECKSUM 6 + krb5_data data; +} krb5_crypto_iov; + +#define ETYPE_NULL 0 + +#define KRB5_LIB_FUNCTION +#define KRB5_LIB_CALL + +/* Error codes */ +#define KRB5_BAD_MSIZE -1765328194 +#define KRB5_BAD_KEYSIZE -1765328195 +#define KRB5_PROG_SUMTYPE_NOSUPP -1765328231 +#define KRB5_PROG_KEYTYPE_NOSUPP -1765328233 +#define KRB5_PROG_ETYPE_NOSUPP -1765328234 +#define HEIM_ERR_SALTTYPE_NOSUPP -1980176638 +#define KRB5KRB_AP_ERR_BAD_INTEGRITY -1765328353 + +#define KRB5_CRYPTO_INTERNAL 1 + +/* Currently, we just disable localised error strings. We'll get the error + * numbers out, but no meaningful text */ +#define N_(...) "" +#define krb5_set_error_message(...) +#define krb5_abortx(...) +#define krb5_clear_error_message(ctx) + +/* Local prototypes. 
These are functions that we aren't admitting to in the + * public API */ +krb5_error_code _krb5_n_fold(const void *str, size_t len, void *, size_t); +krb5_error_code krb5_derive_key(krb5_context context, const krb5_keyblock *key, + krb5_enctype etype, const void *constant, + size_t constant_len, + krb5_keyblock **derived_key); +krb5_error_code krb5_enctype_keysize(krb5_context context, + krb5_enctype type, + size_t *keysize); +krb5_ssize_t _krb5_put_int(void *buffer, unsigned long value, size_t size); +void krb5_data_zero(krb5_data *p); +krb5_error_code krb5_data_copy(krb5_data *p, const void *data, size_t len); +void krb5_free_data(krb5_context context, krb5_data *p); +krb5_error_code krb5_copy_keyblock(krb5_context, + const krb5_keyblock *, + krb5_keyblock **); +void krb5_free_keyblock(krb5_context, krb5_keyblock *); +int krb5_data_ct_cmp(const krb5_data *, const krb5_data *); +int der_copy_octet_string(const krb5_data *, krb5_data *); +int copy_EncryptionKey(const krb5_keyblock *, krb5_keyblock *); +int ct_memcmp(const void *p1, const void *p2, size_t len); + +#include "crypto.h" + +struct checksum_type * _krb5_find_checksum (krb5_cksumtype); +struct encryption_type * _krb5_find_enctype (krb5_enctype); +void _krb5_free_key_data (krb5_context, struct key_data *, + struct encryption_type *); +void _krb5_evp_cleanup (krb5_context, struct key_data *); +krb5_error_code _krb5_evp_encrypt (krb5_context, struct key_data *, void *, + size_t, krb5_boolean, int, void *); +krb5_error_code _krb5_evp_encrypt_cts (krb5_context, struct key_data *, + void *,size_t, krb5_boolean, + int, void *); +void _krb5_evp_schedule (krb5_context, struct key_type *,struct key_data *); + +krb5_error_code _krb5_SP_HMAC_SHA1_checksum (krb5_context, + struct key_data *, + const void *, + size_t, unsigned, Checksum *); + +/* These are bodges - we don't implement these encryption types, but + * crypto.c contains hard coded references to them, and to these funcs. 
+ * + * They will never actually be called ... + */ +static_inline krb5_error_code +_krb5_usage2arcfour(krb5_context context, unsigned *usage) { + return -1; +} + +static_inline void +_krb5_DES3_random_to_key (krb5_context context, + krb5_keyblock *key, + const void *rand, + size_t size) { + return; +} + +#define _krb5_AES_salt NULL diff --git a/src/crypto/rfc3961/rfc3961.h b/src/crypto/rfc3961/rfc3961.h new file mode 100644 index 0000000000..2b285e1602 --- /dev/null +++ b/src/crypto/rfc3961/rfc3961.h 
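Review bot: `#define krb5_abortx(...)` in krb5_locl.h expands to nothing, so wherever the imported crypto code calls it to stop on an internal inconsistency, execution will instead fall through and continue with the state that triggered the abort. The call sites are in crypto.c, outside this hunk, so whether any is reachable with the reduced algorithm list needs checking, but a stub that halts is the safer default, for instance `#define krb5_abortx(ctx, ...) osi_Panic(__VA_ARGS__)` if that helper is usable in this build. The same reasoning applies to `_krb5_usage2arcfour` and `_krb5_DES3_random_to_key`: the comment says they are never called, and the DES3 stub returns without writing `key`, so an assertion or panic in their bodies would enforce that assumption rather than rely on it. The negative error-code macros such as `KRB5_BAD_MSIZE` would also be more robust written in parentheses.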
@@ -0,0 +1,161 @@ + +/* This header defines the public interface to a library which implements + * RFC3961 crypto on top of an existing EVP layer. It is created using + * selected bits of Heimdal's libkrb5. + */ + +typedef int krb5_error_code; +typedef int krb5_key_usage; +typedef struct _krb5_context * krb5_context; + +typedef struct { + size_t length; + void *data; +} heim_octet_string; + +typedef heim_octet_string krb5_data; + +typedef struct { + int keytype; + heim_octet_string keyvalue; +} krb5_keyblock; + +typedef struct krb5_crypto_data *krb5_crypto; + +typedef enum CKSUMTYPE { + CKSUMTYPE_NONE = 0, + CKSUMTYPE_CRC32 = 1, + CKSUMTYPE_RSA_MD4 = 2, + CKSUMTYPE_RSA_MD4_DES = 3, + CKSUMTYPE_DES_MAC = 4, + CKSUMTYPE_DES_MAC_K = 5, + CKSUMTYPE_RSA_MD4_DES_K = 6, + CKSUMTYPE_RSA_MD5 = 7, + CKSUMTYPE_RSA_MD5_DES = 8, + CKSUMTYPE_RSA_MD5_DES3 = 9, + CKSUMTYPE_SHA1_OTHER = 10, + CKSUMTYPE_HMAC_SHA1_DES3 = 12, + CKSUMTYPE_SHA1 = 14, + CKSUMTYPE_HMAC_SHA1_96_AES_128 = 15, + CKSUMTYPE_HMAC_SHA1_96_AES_256 = 16, + CKSUMTYPE_GSSAPI = 32771, + CKSUMTYPE_HMAC_MD5 = -138, + CKSUMTYPE_HMAC_MD5_ENC = -1138 +} CKSUMTYPE; + +typedef struct Checksum { + CKSUMTYPE cksumtype; + heim_octet_string checksum; +} Checksum; + +typedef int krb5_cksumtype; + +typedef enum ENCTYPE { + ETYPE_NULL = 0, + ETYPE_DES_CBC_CRC = 1, + ETYPE_DES_CBC_MD4 = 2, + ETYPE_DES_CBC_MD5 = 3, + ETYPE_DES3_CBC_MD5 = 5, + ETYPE_OLD_DES3_CBC_SHA1 = 7, + ETYPE_SIGN_DSA_GENERATE = 8, + ETYPE_ENCRYPT_RSA_PRIV = 9, + ETYPE_ENCRYPT_RSA_PUB = 10, + ETYPE_DES3_CBC_SHA1 = 16, + ETYPE_AES128_CTS_HMAC_SHA1_96 = 17, + ETYPE_AES256_CTS_HMAC_SHA1_96 = 18, + ETYPE_ARCFOUR_HMAC_MD5 = 23, + ETYPE_ARCFOUR_HMAC_MD5_56 = 24, + ETYPE_ENCTYPE_PK_CROSS = 48, + ETYPE_ARCFOUR_MD4 = -128, + ETYPE_ARCFOUR_HMAC_OLD = -133, + ETYPE_ARCFOUR_HMAC_OLD_EXP = -135, + ETYPE_DES_CBC_NONE = -4096, + ETYPE_DES3_CBC_NONE = -4097, + ETYPE_DES_CFB64_NONE = -4098, + ETYPE_DES_PCBC_NONE = -4099, + ETYPE_DIGEST_MD5_NONE = -4100, + ETYPE_CRAM_MD5_NONE = 
-4101 +} ENCTYPE; + +enum { + ENCTYPE_NULL = ETYPE_NULL +}; + +typedef ENCTYPE krb5_enctype; + +krb5_error_code krb5_init_context(krb5_context *context); + +krb5_error_code krb5_enctype_valid(krb5_context, krb5_enctype); + +krb5_error_code krb5_crypto_init(krb5_context context, + const krb5_keyblock *key, + krb5_enctype etype, + krb5_crypto *crypto); + +krb5_error_code krb5_crypto_destroy(krb5_context context, + krb5_crypto crypto); + +krb5_error_code krb5_encrypt(krb5_context context, + krb5_crypto crypto, + unsigned usage, + const void *data, + size_t len, + krb5_data *result); + +krb5_error_code krb5_decrypt(krb5_context context, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + krb5_data *result); + +krb5_error_code krb5_enctype_keybits(krb5_context context, + krb5_enctype type, + size_t *keybits); + +void krb5_data_free(krb5_data *p); + +krb5_error_code krb5_data_alloc(krb5_data *p, int len); + +void krb5_free_keyblock_contents(krb5_context context, + krb5_keyblock *keyblock); + +krb5_error_code krb5_crypto_prf(krb5_context context, + const krb5_crypto crypto, + const krb5_data *input, + krb5_data *output); + +krb5_error_code krb5_generate_random_block(void *buf, size_t len); + +krb5_error_code krb5_random_to_key(krb5_context context, + krb5_enctype type, + const void *data, + size_t size, + krb5_keyblock *key); + +size_t krb5_crypto_overhead (krb5_context context, + krb5_crypto crypto); + +krb5_error_code krb5_crypto_get_checksum_type (krb5_context context, + krb5_crypto crypto, + krb5_cksumtype *type); +krb5_error_code krb5_checksumsize (krb5_context context, + krb5_cksumtype type, + size_t *size); + +krb5_error_code krb5_create_checksum (krb5_context context, + krb5_crypto crypto, + krb5_key_usage usage, + int type, + void *data, + size_t len, + Checksum *result); + +krb5_error_code krb5_verify_checksum (krb5_context context, + krb5_crypto crypto, + krb5_key_usage usage, + void *data, + size_t len, + Checksum *cksum); + +void 
free_Checksum(Checksum *data); diff --git a/src/libafs/Makefile.common.in b/src/libafs/Makefile.common.in index 019a16db6e..00f533070c 100644 --- a/src/libafs/Makefile.common.in +++ b/src/libafs/Makefile.common.in @@ -175,6 +175,18 @@ AFSAOBJS = \ aes.o \ rijndael-alg-fst.o \ sha.o \ + n-fold.o \ + crypto.o \ + crypto-algs.o \ + crypto-aes.o \ + crypto-context.o \ + crypto-copy.o \ + crypto-ct.o \ + crypto-evp.o \ + crypto-data.o \ + crypto-keyblock.o \ + crypto-store-int.o \ + crypto-random.o \ afs_uuid.o $(AFS_OS_OBJS) # These next two allow nfs and nonfs builds to occur in the same directory. 
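Review bot: rfc3961.h has no include guard, although random.c includes it directly and krb5_locl.h includes it as well. A translation unit that ends up including it twice would redefine every struct and enum, and because krb5_locl.h later does `#define ETYPE_NULL 0`, a second inclusion after that point would also turn the enumerator `ETYPE_NULL = 0` into `0 = 0`. Wrapping the header in a guard (`#ifndef OPENAFS_RFC3961_H` / `#define OPENAFS_RFC3961_H` at the top and `#endif` at the end, with the name chosen here only for illustration) removes both problems. The header also uses `size_t` without including anything that defines it, so it currently depends on the includer's include order.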
@@ -524,6 +536,57 @@ rijndael-alg-fst.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/rijndael-alg-fst.c sha.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/sha.c $(CRULE_OPT) +RFC3961_INCLUDES = -I$(TOP_SRCDIR)/crypto/rfc3961 \ + -I$(TOP_SRCDIR)/external/heimdal/krb5 + +n-fold.o: $(TOP_SRCDIR)/external/heimdal/krb5/n-fold.c + $(CRULE_OPT) +CFLAGS-n-fold.o = $(RFC3961_INCLUDES) + +crypto.o: $(TOP_SRCDIR)/external/heimdal/krb5/crypto.c + $(CRULE_OPT) +CFLAGS-crypto.o = $(RFC3961_INCLUDES) + +crypto-aes.o: $(TOP_SRCDIR)/external/heimdal/krb5/crypto-aes.c + $(CRULE_OPT) +CFLAGS-crypto-aes.o = $(RFC3961_INCLUDES) + +crypto-evp.o: $(TOP_SRCDIR)/external/heimdal/krb5/crypto-evp.c + $(CRULE_OPT) +CFLAGS-crypto-evp.o = $(RFC3961_INCLUDES) + +crypto-data.o: $(TOP_SRCDIR)/external/heimdal/krb5/data.c + $(CRULE_OPT) +CFLAGS-crypto-data.o = $(RFC3961_INCLUDES) + +crypto-keyblock.o: $(TOP_SRCDIR)/external/heimdal/krb5/keyblock.c + $(CRULE_OPT) +CFLAGS-crypto-keyblock.o = $(RFC3961_INCLUDES) + +crypto-store-int.o: $(TOP_SRCDIR)/external/heimdal/krb5/store-int.c + $(CRULE_OPT) +CFLAGS-crypto-store-int.o = $(RFC3961_INCLUDES) + +crypto-random.o: $(TOP_SRCDIR)/crypto/rfc3961/kernel/random.c + $(CRULE_OPT) +CFLAGS-crypto-random.o = -I$(TOP_SRCDIR)/crypto/kernel + +crypto-algs.o: $(TOP_SRCDIR)/crypto/rfc3961/kernel/algs.c + $(CRULE_OPT) +CFLAGS-crypto-algs.o = $(RFC3961_INCLUDES) + +crypto-copy.o: $(TOP_SRCDIR)/crypto/rfc3961/copy.c + $(CRULE_OPT) +CFLAGS-crypto-copy.o = $(RFC3961_INCLUDES) + +crypto-context.o: $(TOP_SRCDIR)/crypto/rfc3961/context.c + $(CRULE_OPT) +CFLAGS-crypto-context.o = $(RFC3961_INCLUDES) + +crypto-ct.o: $(TOP_SRCDIR)/external/heimdal/roken/ct.c + $(CRULE_OPT) +CFLAGS-crypto-ct.o = $(RFC3961_INCLUDES) + # Files which are specific to particular architectures/targets # but have common build rules. Place here instead of duplicating # in the per-platform Makefiles. 
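Review bot: `CFLAGS-crypto-random.o = -I$(TOP_SRCDIR)/crypto/kernel` is the only per-object flag in this hunk that does not use `$(RFC3961_INCLUDES)`, and it names a directory that appears nowhere else in the change. random.c includes "rfc3961.h", which lives in crypto/rfc3961 rather than beside the source file, and the Linux makefile in this same commit sets `CFLAGS_crypto-random.o` to `$(RFC3961_INCLUDES)`. Unless `$(CRULE_OPT)` already adds that path (its definition is outside the hunk), this line should read `CFLAGS-crypto-random.o = $(RFC3961_INCLUDES)`.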
diff --git a/src/libafs/MakefileProto.LINUX.in b/src/libafs/MakefileProto.LINUX.in index 048cc791a7..6f34d09a52 100644 --- a/src/libafs/MakefileProto.LINUX.in +++ b/src/libafs/MakefileProto.LINUX.in @@ -97,6 +97,22 @@ CFLAGS_sha.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto CFLAGS_md5.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto CFLAGS_random.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto +RFC3961_INCLUDES = -I$(TOP_SRCDIR)/crypto/rfc3961 \ + -I$(TOP_SRCDIR)/external/heimdal/krb5 + +CFLAGS_crypto.o = $(RFC3961_INCLUDES) +CFLAGS_crypto-aes.o = $(RFC3961_INCLUDES) +CFLAGS_crypto-context.o = $(RFC3961_INCLUDES) +CFLAGS_crypto-copy.o = $(RFC3961_INCLUDES) +CFLAGS_crypto-ct.o = $(RFC3961_INCLUDES) +CFLAGS_crypto-evp.o = $(RFC3961_INCLUDES) +CFLAGS_crypto-data.o = $(RFC3961_INCLUDES) +CFLAGS_crypto-keyblock.o = $(RFC3961_INCLUDES) +CFLAGS_crypto-store-int.o = $(RFC3961_INCLUDES) +CFLAGS_crypto-random.o = $(RFC3961_INCLUDES) +CFLAGS_crypto-algs.o = $(RFC3961_INCLUDES) +CFLAGS_n-fold.o = $(RFC3961_INCLUDES) + # System specific build commands and flags # All the platform-specific and kernel-related things are provided by