# plugins/preauth/wpse
# plugins/preauth/cksum_body
# plugins/authdata/greet
-SUBDIRS=util include plugin_core plugins/prng \
+SUBDIRS=util include plugin_core plugin_core/impl plugins/prng \
plugins/pa plugins/pa/encrypted_challenge \
lib \
@ldap_plugin_dir@ \
lib\crypto\@CRYPTO_IMPL@\hash_provider\Makefile \
lib\crypto\krb\keyhash_provider\Makefile \
lib\crypto\krb\prf\Makefile lib\crypto\krb\rand2key\Makefile \
+ lib\crypto\krb\yarrow\Makefile \
lib\crypto\krb\raw\Makefile lib\crypto\krb\old\Makefile \
lib\crypto\@CRYPTO_IMPL@\sha1\Makefile lib\crypto\@CRYPTO_IMPL@\arcfour\Makefile \
lib\crypto\@CRYPTO_IMPL@\md4\Makefile lib\crypto\@CRYPTO_IMPL@\md5\Makefile \
lib/crypto/krb/dk lib/crypto/$CRYPTO_IMPL/enc_provider
lib/crypto/$CRYPTO_IMPL/hash_provider lib/crypto/krb/checksum
lib/crypto/krb/prf lib/crypto/krb/rand2key
+ lib/crypto/krb/yarrow
lib/crypto/$CRYPTO_IMPL lib/crypto/$CRYPTO_IMPL/md4 lib/crypto/$CRYPTO_IMPL/md5
lib/crypto/krb/old lib/crypto/krb/raw lib/crypto/$CRYPTO_IMPL/sha1
lib/crypto/krb/arcfour lib/crypto/$CRYPTO_IMPL/aes
plugins/prng
plugin_core/impl
- plugins/prng/plugin_yarrow
plugins/pa
plugins/pa/encrypted_challenge
plugin_core
/*
* Internal - for cleanup.
*/
-extern void krb5int_prng_cleanup(krb5_context context);
+extern void krb5int_prng_cleanup(void);
#ifdef KRB5_OLD_CRYPTO
extern krb5_error_code
krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
-extern int krb5int_crypto_init (krb5_context);
-extern int krb5int_prng_init(krb5_context context);
+extern int krb5int_crypto_init (void);
+extern int krb5int_prng_init(void);
/*
* Referral definitions, debugging hooks, and subfunctions.
mydir=lib
-SUBDIRS=crypto ../plugins/prng/plugin_yarrow ../plugin_core/impl krb5 gssapi rpc kdb kadm5 apputils
+SUBDIRS=crypto ../plugin_core/impl krb5 gssapi rpc kdb kadm5 apputils
BUILDTOP=$(REL)..
all-unix::
LIBFINIFUNC=cryptoint_cleanup_library
RELDIR=crypto
-STOBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST @CRYPTO_IMPL@/enc_provider/OBJS.ST \
- @CRYPTO_IMPL@/hash_provider/OBJS.ST krb/checksum/OBJS.ST \
- krb/prf/OBJS.ST krb/rand2key/OBJS.ST \
- krb/old/OBJS.ST krb/raw/OBJS.ST \
- @CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST @CRYPTO_IMPL@/sha1/OBJS.ST \
- krb/arcfour/OBJS.ST @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \
- krb/OBJS.ST @CRYPTO_IMPL@/OBJS.ST
-
-SUBDIROBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST @CRYPTO_IMPL@/enc_provider/OBJS.ST \
- @CRYPTO_IMPL@/hash_provider/OBJS.ST krb/checksum/OBJS.ST \
- krb/prf/OBJS.ST krb/rand2key/OBJS.ST \
- krb/old/OBJS.ST krb/raw/OBJS.ST \
- @CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST @CRYPTO_IMPL@/sha1/OBJS.ST \
- krb/arcfour/OBJS.ST @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \
- krb/OBJS.ST @CRYPTO_IMPL@/OBJS.ST
+STOBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST \
+ @CRYPTO_IMPL@/enc_provider/OBJS.ST \
+ @CRYPTO_IMPL@/hash_provider/OBJS.ST \
+ krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \
+ krb/old/OBJS.ST krb/raw/OBJS.ST krb/yarrow/OBJS.ST \
+ @CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST \
+ @CRYPTO_IMPL@/sha1/OBJS.ST \
+ krb/arcfour/OBJS.ST \
+ @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \
+ krb/OBJS.ST \
+ @CRYPTO_IMPL@/OBJS.ST
+
+SUBDIROBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST \
+ @CRYPTO_IMPL@/enc_provider/OBJS.ST \
+ @CRYPTO_IMPL@/hash_provider/OBJS.ST \
+ krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \
+ krb/old/OBJS.ST krb/raw/OBJS.ST krb/yarrow/OBJS.ST \
+ @CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST \
+ @CRYPTO_IMPL@/sha1/OBJS.ST \
+ krb/arcfour/OBJS.ST \
+ @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \
+ krb/OBJS.ST \
+ @CRYPTO_IMPL@/OBJS.ST
# No dependencies. Record places to find this shared object if the target
# link editor and loader support it.
DEPLIBS=
SHLIB_DIRS=-L$(TOPLIBD)
-SHLIB_EXPLIBS= $(SUPPORT_LIB) @CRYPTO_LIBS@ $(LIBS) -lyaml $(PLUGIN_CORE_DEPLIB) $(PLUGIN_PRNG_DEPLIB)
+SHLIB_EXPLIBS= $(SUPPORT_LIB) @CRYPTO_LIBS@ $(LIBS)
SHLIB_EXPDEPLIBS= $(SUPPORT_DEPLIB)
SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@
SHLIB_LIBDIRS= @SHLIB_LIBDIRS@
DEFS=
PLUGINS_LIBS = -lkrb5 \
- $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libplugin_yarrow.a $(srcdir)/../../libencrypted_challenge.a \
+ $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libencrypted_challenge.a \
$(LIBS_PROFILE) $(PLUGIN_CORE_DEPLIB)
EXTRADEPSRCS=\
*/
#include "k5-int.h"
-#include <plugin_default_manager.h>
-#include <plugin_prng.h>
-
#define MD5_K5BETA_COMPAT
#define MD4_K5BETA_COMPAT
krb5_error_code kret=0;
krb5_data plaintext;
krb5_checksum checksum, knowncksum;
- plugin_manager* default_manager;
- const char conf_path[] = "plugin_conf.yml";
-
- default_manager = plugin_default_manager_get_instance();
- set_plugin_manager_instance(default_manager);
- plugin_manager_configure(conf_path);
- plugin_manager_start();
+ krb5_context context;
+ krb5_init_context(&context);
/* this is a terrible seed, but that's ok for the test. */
plaintext.length = 8;
plaintext.data = (char *) testkey;
- krb5_c_random_seed(/* XXX */ 0, &plaintext);
+ krb5_c_random_seed(context, &plaintext);
keyblock.enctype = ENCTYPE_DES_CBC_CRC;
keyblock.length = sizeof(testkey);
keyblock.contents = testkey;
- krb5_k_create_key(NULL, &keyblock, &key);
+ krb5_k_create_key(context, &keyblock, &key);
for (msgindex = 1; msgindex + 1 < argc; msgindex += 2) {
plaintext.length = strlen(argv[msgindex]);
plaintext.data = argv[msgindex];
/* Create a checksum. */
- kret = krb5_k_make_checksum(NULL, CKTYPE, key, 0, &plaintext,
+ kret = krb5_k_make_checksum(context, CKTYPE, key, 0, &plaintext,
&checksum);
if (kret != 0) {
printf("krb5_calculate_checksum choked with %d\n", kret);
print_checksum("correct", MD, argv[msgindex], &checksum);
/* Verify it. */
- kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &checksum,
+ kret = krb5_k_verify_checksum(context, key, 0, &plaintext, &checksum,
&valid);
if (kret != 0) {
printf("verify on new checksum choked with %d\n", kret);
/* Corrupt the checksum and see if it still verifies. */
checksum.contents[0]++;
- kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &checksum,
+ kret = krb5_k_verify_checksum(context, key, 0, &plaintext, &checksum,
&valid);
if (kret != 0) {
printf("verify on new checksum choked with %d\n", kret);
kret = 1;
break;
}
- kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &knowncksum,
+ kret = krb5_k_verify_checksum(context, key, 0, &plaintext, &knowncksum,
&valid);
if (kret != 0) {
printf("verify on known checksum choked with %d\n", kret);
if (!kret)
printf("%d tests passed successfully for MD%d checksum\n", (argc-1)/2, MD);
- krb5_k_free_key(NULL, key);
+ krb5_k_free_key(context, key);
return(kret);
}
+
#include "k5-int.h"
#include "etypes.h"
#include <stdio.h>
-#include <plugin_default_manager.h>
-#include <plugin_prng.h>
/* What enctypes should we test?*/
krb5_enc_data enc_out, enc_out2;
krb5_keyblock *keyblock;
krb5_key key;
- plugin_manager* default_manager;
- const char conf_path[] = "plugin_conf.yml";
-
- default_manager = plugin_default_manager_get_instance();
- set_plugin_manager_instance(default_manager);
-
- plugin_manager_configure(conf_path);
- plugin_manager_start();
+ krb5_init_context(&context);
memset(iov, 0, sizeof(iov));
krb5_enc_data outblock;
krb5_checksum sum;
krb5_boolean val;
+ krb5_context ctx;
+
+ krb5_init_context ctx;
if (argc != 5) {
fprintf(stderr, "Usage: t_kperf {c|k}{e|d|m|v} type size nblocks\n");
block.data = "notrandom";
block.length = 9;
- krb5_c_random_seed(NULL, &block);
+ krb5_c_random_seed(ctx, &block);
- krb5_c_make_random_key(NULL, enctype, &kblock);
+ krb5_c_make_random_key(ctx, enctype, &kblock);
krb5_k_create_key(NULL, &kblock, &key);
block.length = blocksize;
unsigned int source_id, seed_length;
unsigned int i;
//#if 0
+ krb5_context ctx;
plugin_manager* default_manager;
- const char conf_path[] = "plugin_conf.yml";
+ static plugin_manager* plugin_mngr_instance = NULL;
+
+// ret = krb5int_initialize_library();
+ //if (ret) return ret;
+
+ ctx = calloc(1, sizeof(struct _krb5_context));
+ if (!ctx) return ENOMEM;
+
+ /* Plugin initialization */
+ plugin_default_manager_get_instance(&plugin_mngr_instance);
+ set_plugin_manager_instance(&ctx->pl_handle, plugin_mngr_instance);
+ plugin_manager_configure(ctx->pl_handle, "");
+ plugin_manager_start(ctx->pl_handle);
+/*
default_manager = plugin_default_manager_get_instance();
set_plugin_manager_instance(default_manager);
- plugin_manager_configure(conf_path);
+ plugin_manager_configure("");
plugin_manager_start();
+*/
+
//#endif
while (1) {
/* Read source*/
input.data[seed_length-lc] = (unsigned) (i&0xff);
}
input.length = seed_length;
- assert (krb5_c_random_add_entropy (0, source_id, &input) == 0);
+ assert (krb5_c_random_add_entropy (ctx, source_id, &input) == 0);
free (input.data);
input.data = NULL;
}
if (i) {
assert ((output.data = malloc (i)) != NULL);
output.length = i;
- ret = krb5_c_random_make_octets (0, &output);
+ ret = krb5_c_random_make_octets (ctx, &output);
if (ret)
printf ("failed\n");
else {
*/
#include "k5-int.h"
-#include <plugin_default_manager.h>
-#include <plugin_prng.h>
krb5_enctype interesting_enctypes[] = {
}
static void
-test_enctype(krb5_enctype enctype)
+test_enctype(krb5_context context, krb5_enctype enctype)
{
krb5_error_code ret;
krb5_keyblock keyblock;
printf("Testing enctype %d\n", (int) enctype);
x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len));
- x(krb5_c_make_random_key(NULL, enctype, &keyblock));
+ x(krb5_c_make_random_key(context, enctype, &keyblock));
input.enctype = enctype;
/* Try each length up to the minimum length. */
{
int i;
krb5_data notrandom;
- plugin_manager* default_manager;
- const char conf_path[] = "plugin_conf.yml";
+ krb5_context context;
- default_manager = plugin_default_manager_get_instance();
- set_plugin_manager_instance(default_manager);
-
- plugin_manager_configure(conf_path);
- plugin_manager_start();
+ krb5_init_context(&context);
notrandom.data = "notrandom";
notrandom.length = 9;
- krb5_c_random_seed(NULL, ¬random);
+ krb5_c_random_seed(context, ¬random);
for (i = 0; interesting_enctypes[i]; i++)
- test_enctype(interesting_enctypes[i]);
+ test_enctype(context, interesting_enctypes[i]);
return 0;
}
mydir=lib/crypto/krb
BUILDTOP=$(REL)..$(S)..$(S)..
SUBDIRS= arcfour checksum crc32 dk \
- prf rand2key old raw
+ prf rand2key old raw yarrow
LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../@CRYPTO_IMPL@/enc_provider -I$(srcdir)/dk \
-I$(srcdir)/../@CRYPTO_IMPL@/hash_provider \
-I$(srcdir)/prf -I$(srcdir)/rand2key \
- -I$(srcdir)/old -I$(srcdir)/raw \
+ -I$(srcdir)/old -I$(srcdir)/raw -I$(srcdir)/yarrow \
-I$(srcdir)/../@CRYPTO_IMPL@/ -I$(srcdir)/../@CRYPTO_IMPL@/des \
-I$(srcdir)/../@CRYPTO_IMPL@/aes -I$(srcdir)/arcfour \
- -I$(srcdir)/../@CRYPTO_IMPL@/sha1 -I$(srcdir)/../@CRYPTO_IMPL@ \
- -I$(BUILDTOP)/plugins/prng -I$(BUILDTOP)/plugin_core
+ -I$(srcdir)/../@CRYPTO_IMPL@/sha1 -I$(srcdir)/../@CRYPTO_IMPL@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
DEFS=
STOBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \
dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \
- old/OBJS.ST raw/OBJS.ST OBJS.ST
+ old/OBJS.ST raw/OBJS.ST yarrow/OBJS.ST OBJS.ST
SUBDIROBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \
dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \
- old/OBJS.ST raw/OBJS.ST
+ old/OBJS.ST raw/OBJS.ST yarrow/OBJS.ST
##DOS##LIBOBJS = $(OBJS)
cd ..\raw
@echo Making in crypto\raw
$(MAKE) -$(MFLAGS)
+ cd ..\yarrow
+ @echo Making in crypto\yarrow
+ $(MAKE) -$(MFLAGS)
cd ..
clean-windows::
cd ..\raw
@echo Making clean in crypto\raw
$(MAKE) -$(MFLAGS) clean
+ cd ..\yarrow
+ @echo Making clean in crypto\yarrow
+ $(MAKE) -$(MFLAGS) clean
cd ..
check-windows::
cd ..\raw
@echo Making check in crypto\raw
$(MAKE) -$(MFLAGS) check
+ cd ..\yarrow
+ @echo Making check in crypto\yarrow
+ $(MAKE) -$(MFLAGS) check
cd ..
}
krb5_error_code
-krb5int_c_iov_decrypt_stream(krb5_context ctx, const struct krb5_keytypes *ktp, krb5_key key,
+krb5int_c_iov_decrypt_stream(const struct krb5_keytypes *ktp, krb5_key key,
krb5_keyusage keyusage, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
assert(i <= num_data + 2);
- ret = ktp->decrypt(ctx, ktp, key, keyusage, ivec, iov, i);
+ ret = ktp->decrypt(ktp, key, keyusage, ivec, iov, i);
free(iov);
return ret;
}
struct iov_block_state *iov_state);
krb5_error_code
-krb5int_c_iov_decrypt_stream(krb5_context, const struct krb5_keytypes *ktp, krb5_key key,
+krb5int_c_iov_decrypt_stream(const struct krb5_keytypes *ktp, krb5_key key,
krb5_keyusage keyusage, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data);
* fill in the contents. If ctp->enc is not NULL, the handler can assume that
* key is a valid-length key of an enctype which uses that enc provider.
*/
-typedef krb5_error_code (*checksum_func)(krb5_context, const struct krb5_cksumtypes *ctp,
+typedef krb5_error_code (*checksum_func)(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data,
size_t num_data,
* ctp->enc is not NULL, the handler can assume that key a valid-length key of
* an enctype which uses that enc provider.
*/
-typedef krb5_error_code (*verify_func)(krb5_context, const struct krb5_cksumtypes *ctp,
+typedef krb5_error_code (*verify_func)(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data,
size_t num_data,
#include "etypes.h"
#include "dk.h"
-static krb5_error_code dr(krb5_context ctx, const struct krb5_enc_provider *enc,
+static krb5_error_code dr(const struct krb5_enc_provider *enc,
const krb5_keyblock *inkey, unsigned char *outdata,
const krb5_data *in_constant);
input.length = key2->length;
input.data = (char *) key2->contents;
- ret = dr(context, enc, key1, r1, &input);
+ ret = dr(enc, key1, r1, &input);
if (ret)
goto cleanup;
input.length = key1->length;
input.data = (char *) key1->contents;
- ret = dr(context, enc, key2, r2, &input);
+ ret = dr(enc, key2, r2, &input);
if (ret)
goto cleanup;
myalloc = TRUE;
}
- ret = krb5int_derive_keyblock(context, enc, tkey, outkey, &input);
+ ret = krb5int_derive_keyblock(enc, tkey, outkey, &input);
if (ret) {
if (myalloc) {
free(outkey->contents);
/* Our DR function, a simple wrapper around krb5int_derive_random(). */
static krb5_error_code
-dr(krb5_context ctx, const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
+dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
unsigned char *out, const krb5_data *in_constant)
{
krb5_data outdata = make_data(out, enc->keybytes);
ret = krb5_k_create_key(NULL, inkey, &key);
if (ret != 0)
return ret;
- ret = krb5int_derive_random(ctx, enc, key, &outdata, in_constant);
+ ret = krb5int_derive_random(enc, key, &outdata, in_constant);
krb5_k_free_key(NULL, key);
return ret;
}
#include <assert.h>
#include "k5-int.h"
-// MAKE_INIT_FUNCTION(cryptoint_initialize_library);
-// MAKE_FINI_FUNCTION(cryptoint_cleanup_library);
+MAKE_INIT_FUNCTION(cryptoint_initialize_library);
+MAKE_FINI_FUNCTION(cryptoint_cleanup_library);
-extern int krb5int_prng_init(krb5_context);
-extern void krb5int_prng_cleanup (krb5_context);
+extern int krb5int_prng_init(void);
+extern void krb5int_prng_cleanup (void);
/*
* Initialize the crypto library.
*/
-int cryptoint_initialize_library (krb5_context ctx)
+int cryptoint_initialize_library (void)
{
- return krb5int_prng_init(ctx);
+ return krb5int_prng_init();
}
-int krb5int_crypto_init(krb5_context ctx)
+int krb5int_crypto_init(void)
{
- // return CALL_INIT_FUNCTION(cryptoint_initialize_library);
-return cryptoint_initialize_library ( ctx);
+ return CALL_INIT_FUNCTION(cryptoint_initialize_library);
}
/*
* Clean up the crypto library state
*/
-void cryptoint_cleanup_library (krb5_context ctx)
+void cryptoint_cleanup_library (void)
{
-// ??? temp ??? if (!INITIALIZER_RAN(cryptoint_initialize_library))
-// return;
- krb5int_prng_cleanup (ctx);
+ if (!INITIALIZER_RAN(cryptoint_initialize_library))
+ return;
+ krb5int_prng_cleanup ();
}
memcpy(iov[3].data.data, input->ciphertext.data + header_len + plain_len,
trailer_len);
- ret = ktp->decrypt(context, ktp, key, usage, ivec, iov, 4);
+ ret = ktp->decrypt(ktp, key, usage, ivec, iov, 4);
if (ret != 0)
zap(output->data, plain_len);
else
if (krb5int_c_locate_iov(data, num_data,
KRB5_CRYPTO_TYPE_STREAM) != NULL) {
- return krb5int_c_iov_decrypt_stream(context, ktp, key, usage, cipher_state,
+ return krb5int_c_iov_decrypt_stream(ktp, key, usage, cipher_state,
data, num_data);
}
- return ktp->decrypt(context, ktp, key, usage, cipher_state, data, num_data);
+ return ktp->decrypt(ktp, key, usage, cipher_state, data, num_data);
}
krb5_error_code KRB5_CALLCONV
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/enc_provider/enc_provider.h \
$(srcdir)/../builtin/sha1/shs.h $(srcdir)/../builtin/yhash.h \
- $(top_srcdir)/include/k5-buf.h \
+ $(srcdir)/yarrow/yarrow.h $(srcdir)/yarrow/ycipher.h \
+ $(srcdir)/yarrow/ytypes.h $(top_srcdir)/include/k5-buf.h \
$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
krb5_error_code
-krb5int_dk_checksum(krb5_context context, const struct krb5_cksumtypes *ctp,
+krb5int_dk_checksum(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data, size_t num_data,
krb5_data *output)
datain = make_data(constantdata, K5CLENGTH);
store_32_be(usage, constantdata);
constantdata[4] = (char) 0x99;
- ret = krb5int_derive_key(context, enc, key, &kc, &datain);
+ ret = krb5int_derive_key(enc, key, &kc, &datain);
if (ret)
return ret;
}
krb5_error_code
-krb5int_derive_random(krb5_context context, const struct krb5_enc_provider *enc,
+krb5int_derive_random(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_data *outrnd,
const krb5_data *in_constant)
{
* the same inkey and constant.
*/
krb5_error_code
-krb5int_derive_keyblock(krb5_context context, const struct krb5_enc_provider *enc,
+krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_keyblock *outkey,
const krb5_data *in_constant)
{
goto cleanup;
/* Derive pseudo-random data for the key bytes. */
- ret = krb5int_derive_random(context, enc, inkey, &rawkey, in_constant);
+ ret = krb5int_derive_random(enc, inkey, &rawkey, in_constant);
if (ret)
goto cleanup;
}
krb5_error_code
-krb5int_derive_key(krb5_context context, const struct krb5_enc_provider *enc,
+krb5int_derive_key(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_key *outkey,
const krb5_data *in_constant)
{
keyblock.enctype = inkey->keyblock.enctype;
if (keyblock.contents == NULL)
return ENOMEM;
- ret = krb5int_derive_keyblock(context, enc, inkey, &keyblock, in_constant);
+ ret = krb5int_derive_keyblock(enc, inkey, &keyblock, in_constant);
if (ret)
goto cleanup;
krb5_cryptotype type);
krb5_error_code
-krb5int_dk_encrypt(krb5_context, const struct krb5_keytypes *ktp, krb5_key key,
+krb5int_dk_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
krb5_keyusage usage, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data);
krb5_error_code
-krb5int_dk_decrypt(krb5_context, const struct krb5_keytypes *ktp, krb5_key key,
+krb5int_dk_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
krb5_keyusage usage, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data);
krb5_error_code
-krb5int_dk_string_to_key(krb5_context ctx, const struct krb5_keytypes *enc,
+krb5int_dk_string_to_key(const struct krb5_keytypes *enc,
const krb5_data *string, const krb5_data *salt,
const krb5_data *params, krb5_keyblock *key);
krb5_error_code
-krb5int_aes_string_to_key(krb5_context ctx, const struct krb5_keytypes *enc,
+krb5int_aes_string_to_key(const struct krb5_keytypes *enc,
const krb5_data *string, const krb5_data *salt,
const krb5_data *params, krb5_keyblock *key);
krb5_error_code
-krb5int_derive_keyblock(krb5_context, const struct krb5_enc_provider *enc,
+krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
krb5_key inkey,
krb5_keyblock *outkey,
const krb5_data *in_constant);
krb5_error_code
-krb5int_derive_key(krb5_context, const struct krb5_enc_provider *enc,
+krb5int_derive_key(const struct krb5_enc_provider *enc,
krb5_key inkey,
krb5_key *outkey,
const krb5_data *in_constant);
krb5_error_code
-krb5int_dk_checksum(krb5_context, const struct krb5_cksumtypes *ctp,
+krb5int_dk_checksum(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data, size_t num_data,
krb5_data *output);
krb5_error_code
-krb5int_derive_random(krb5_context, const struct krb5_enc_provider *enc,
+krb5int_derive_random(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_data *outrnd,
const krb5_data *in_constant);
}
krb5_error_code
-krb5int_dk_encrypt(krb5_context context, const struct krb5_keytypes *ktp, krb5_key key,
+krb5int_dk_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
krb5_keyusage usage, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
d1.data[4] = 0xAA;
- ret = krb5int_derive_key(context, enc, key, &ke, &d1);
+ ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
goto cleanup;
d1.data[4] = 0x55;
- ret = krb5int_derive_key(context, enc, key, &ki, &d1);
+ ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
goto cleanup;
header->data.length = enc->block_size;
- ret = krb5_c_random_make_octets(/* XXX */ context, &header->data);
+ ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data);
if (ret != 0)
goto cleanup;
goto cleanup;
/* Encrypt the plaintext (header | data | padding) */
- ret = enc->encrypt(/*context,*/ ke, ivec, data, num_data);
+ ret = enc->encrypt(ke, ivec, data, num_data);
if (ret != 0)
goto cleanup;
}
krb5_error_code
-krb5int_dk_decrypt(krb5_context context, const struct krb5_keytypes *ktp, krb5_key key,
+krb5int_dk_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
krb5_keyusage usage, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
d1.data[4] = 0xAA;
- ret = krb5int_derive_key(context, enc, key, &ke, &d1);
+ ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
goto cleanup;
d1.data[4] = 0x55;
- ret = krb5int_derive_key(context, enc, key, &ki, &d1);
+ ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
goto cleanup;
#define kerberos_len (sizeof(kerberos)-1)
krb5_error_code
-krb5int_dk_string_to_key(krb5_context ctx, const struct krb5_keytypes *ktp,
+krb5int_dk_string_to_key(const struct krb5_keytypes *ktp,
const krb5_data *string, const krb5_data *salt,
const krb5_data *parms, krb5_keyblock *keyblock)
{
indata.length = kerberos_len;
indata.data = (char *) kerberos;
- ret = krb5int_derive_keyblock(ctx, enc, foldkey, keyblock, &indata);
+ ret = krb5int_derive_keyblock(enc, foldkey, keyblock, &indata);
if (ret != 0)
memset(keyblock->contents, 0, keyblock->length);
#define MAX_ITERATION_COUNT 0x1000000L
krb5_error_code
-krb5int_aes_string_to_key(krb5_context ctx, const struct krb5_keytypes *ktp,
+krb5int_aes_string_to_key(const struct krb5_keytypes *ktp,
const krb5_data *string,
const krb5_data *salt,
const krb5_data *params,
if (err)
goto cleanup;
- err = krb5int_derive_keyblock(ctx, ktp->enc, tempkey, key, &usage);
+ err = krb5int_derive_keyblock(ktp->enc, tempkey, key, &usage);
cleanup:
if (err)
iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
iov[3].data = make_data(iov[2].data.data + padding_len, trailer_len);
- ret = ktp->encrypt(context, ktp, key, usage, ivec, iov, 4);
+ ret = ktp->encrypt(ktp, key, usage, ivec, iov, 4);
if (ret != 0)
zap(iov[1].data.data, iov[1].data.length);
else
if (ktp == NULL)
return KRB5_BAD_ENCTYPE;
- return ktp->encrypt(context, ktp, key, usage, cipher_state, data, num_data);
+ return ktp->encrypt(ktp, key, usage, cipher_state, data, num_data);
}
krb5_error_code KRB5_CALLCONV
typedef unsigned int (*crypto_length_func)(const struct krb5_keytypes *ktp,
krb5_cryptotype type);
-typedef krb5_error_code (*crypt_func)(krb5_context ctx, const struct krb5_keytypes *ktp,
+typedef krb5_error_code (*crypt_func)(const struct krb5_keytypes *ktp,
krb5_key key, krb5_keyusage keyusage,
const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data);
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = *input;
- ret = ctp->checksum(context, ctp, key, usage, &iov, 1, &cksum_data);
+ ret = ctp->checksum(ctp, key, usage, &iov, 1, &cksum_data);
if (ret != 0)
goto cleanup;
if (ret != 0)
return ret;
- ret = ctp->checksum(context, ctp, key, usage, data, num_data, &cksum_data);
+ ret = ctp->checksum(ctp, key, usage, data, num_data, &cksum_data);
if (ret != 0)
goto cleanup;
if (ret)
return ret;
- ivecd.length = blocksize;
- ivecd.data = ivec;
+ ivecd = make_data(ivec, blocksize);
}
/* size is the length of the input cleartext data. */
- inputd.length = size;
- inputd.data = inptr;
+ inputd = make_data((void *) inptr, size);
/*
* The size of the output buffer isn't part of the old api. Not too
if (ret)
return ret;
- outputd.ciphertext.length = outlen;
- outputd.ciphertext.data = outptr;
+ outputd.ciphertext = make_data(outptr, outlen);
return krb5_c_encrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
&inputd, &outputd);
if (ret)
return ret;
- ivecd.length = blocksize;
- ivecd.data = ivec;
+ ivecd = make_data(ivec, blocksize);
}
/* size is the length of the input ciphertext data */
inputd.enctype = eblock->key->enctype;
- inputd.ciphertext.length = size;
- inputd.ciphertext.data = inptr;
+ inputd.ciphertext = make_data((void *) inptr, size);
/* we don't really know how big this is, but the code tends to assume
that the output buffer size should be the same as the input
buffer size */
- outputd.length = size;
- outputd.data = outptr;
+ outputd = make_data(outptr, size);
return krb5_c_decrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
&inputd, &outputd);
krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock,
const krb5_keyblock *keyblock, krb5_pointer *ptr)
{
- krb5_data data;
-
- data.length = keyblock->length;
- data.data = (char *) keyblock->contents;
+ krb5_data data = make_data(keyblock->contents, keyblock->length);
return krb5_c_random_seed(context, &data);
}
krb5_const_pointer seed, size_t seed_length,
krb5_checksum *outcksum)
{
- krb5_data input;
+ krb5_data input = make_data((void *) in, in_length);
krb5_keyblock key;
krb5_error_code ret;
krb5_checksum cksum;
- input.data = in;
- input.length = in_length;
-
key.enctype = ENCTYPE_NULL;
key.length = seed_length;
- key.contents = seed;
+ key.contents = (unsigned char *) seed;
ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum);
if (ret)
size_t in_length, krb5_const_pointer seed,
size_t seed_length)
{
- krb5_data input;
+ krb5_data input = make_data((void *) in, in_length);
krb5_keyblock key;
krb5_error_code ret;
krb5_boolean valid;
- input.data = in;
- input.length = in_length;
-
key.length = seed_length;
- key.contents = seed;
+ key.contents = (unsigned char *) seed;
ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum, &valid);
if (ret)
krb5_error_code KRB5_CALLCONV
krb5_random_confounder(size_t size, krb5_pointer ptr)
{
- krb5_data random_data;
-
- random_data.length = size;
- random_data.data = ptr;
+ krb5_data random_data = make_data(ptr, size);
return krb5_c_random_make_octets(NULL, &random_data);
}
if (ret)
return ret;
- ivecd.length = blocksize;
- ivecd.data = ivec;
+ ivecd = make_data(ivec, blocksize);
}
enc_data->magic = KV5M_ENC_DATA;
enc_data->kvno = 0;
enc_data->enctype = key->enctype;
- enc_data->ciphertext.length = enclen;
- enc_data->ciphertext.data = malloc(enclen);
- if (enc_data->ciphertext.data == NULL)
- return ENOMEM;
+ ret = alloc_data(&enc_data->ciphertext, enclen);
+ if (ret)
+ return ret;
ret = krb5_c_encrypt(context, key, 0, ivec ? &ivecd : 0, data, enc_data);
if (ret)
if (ret)
return ret;
- ivecd.length = blocksize;
- ivecd.data = ivec;
+ ivecd = make_data(ivec, blocksize);
}
- data->length = enc_data->ciphertext.length;
- data->data = malloc(data->length);
- if (data->data == NULL)
- return ENOMEM;
+ ret = alloc_data(data, enc_data->ciphertext.length);
+ if (ret)
+ return ret;
ret = krb5_c_decrypt(context, key, 0, ivec ? &ivecd : 0, enc_data, data);
if (ret)
#include <dk.h>
krb5_error_code
-krb5int_dk_prf(krb5_context ctx, const struct krb5_keytypes *ktp, krb5_key key,
+krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key,
const krb5_data *in, krb5_data *out)
{
const struct krb5_enc_provider *enc = ktp->enc;
goto cleanup;
/* Derive a key using the PRF constant. */
- ret = krb5int_derive_key(ctx, ktp->enc, key, &kp, &prfconst);
+ ret = krb5int_derive_key(ktp->enc, key, &kp, &prfconst);
if (ret != 0)
goto cleanup;
const krb5_data *in, krb5_data *out);
krb5_error_code
-krb5int_dk_prf(krb5_context ctx, const struct krb5_keytypes *ktp, krb5_key key,
+krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key,
const krb5_data *in, krb5_data *out);
#endif /*PRF_INTERNAL_DEFS*/
*/
#include "k5-int.h"
+#include "enc_provider.h"
#include <assert.h>
#include "k5-thread.h"
-#include <plugin_manager.h>
-#include <plugin_prng.h>
+#include "yarrow.h"
+static Yarrow_CTX y_ctx;
+#define yarrow_lock krb5int_yarrow_lock
+k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+/* Helper function to estimate entropy based on sample length
+ * and where it comes from.
+ */
+
+static size_t
+entropy_estimate(unsigned int randsource, size_t length)
+{
+ switch (randsource) {
+ case KRB5_C_RANDSOURCE_OLDAPI:
+ return 4 * length;
+ case KRB5_C_RANDSOURCE_OSRAND:
+ return 8 * length;
+ case KRB5_C_RANDSOURCE_TRUSTEDPARTY:
+ return 4 * length;
+ case KRB5_C_RANDSOURCE_TIMING:
+ return 2;
+ case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL:
+ return 0;
+ default:
+ abort();
+ }
+ return 0;
+}
+
+int krb5int_prng_init(void)
+{
+ unsigned i, source_id;
+ int yerr;
+
+ yerr = k5_mutex_finish_init(&yarrow_lock);
+ if (yerr)
+ return yerr;
+
+ yerr = krb5int_yarrow_init (&y_ctx, NULL);
+ if (yerr != YARROW_OK && yerr != YARROW_NOT_SEEDED)
+ return KRB5_CRYPTO_INTERNAL;
+
+ for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) {
+ if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK)
+ return KRB5_CRYPTO_INTERNAL;
+ assert (source_id == i);
+ }
+ return 0;
+}
krb5_error_code KRB5_CALLCONV
krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
const krb5_data *data)
{
- plhandle handle = plugin_manager_get_service(context->pl_handle, "plugin_prng");
-
- plugin_prng_seed(handle, context, randsource, data);
+ int yerr;
+
+ /* Make sure the mutex got initialized. */
+ yerr = krb5int_crypto_init();
+ if (yerr)
+ return yerr;
+ /* Now, finally, feed in the data. */
+ yerr = krb5int_yarrow_input(&y_ctx, randsource,
+ data->data, data->length,
+ entropy_estimate(randsource, data->length));
+ if (yerr != YARROW_OK)
+ return KRB5_CRYPTO_INTERNAL;
return 0;
-
-
}
krb5_error_code KRB5_CALLCONV
}
krb5_error_code KRB5_CALLCONV
-krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
+krb5_c_random_make_octets(krb5_context context, krb5_data *data)
{
- plhandle handle = plugin_manager_get_service(context->pl_handle, "plugin_prng");
-
- plugin_prng_os_seed(handle, context, strong, success);
-
+ int yerr;
+ yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
+ if (yerr == YARROW_NOT_SEEDED) {
+ yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL);
+ if (yerr == YARROW_OK)
+ yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
+ }
+ if (yerr != YARROW_OK)
+ return KRB5_CRYPTO_INTERNAL;
return 0;
}
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_make_octets(krb5_context context, krb5_data *data)
+void
+krb5int_prng_cleanup (void)
{
- plhandle handle = plugin_manager_get_service(context->pl_handle, "plugin_prng");
+ krb5int_yarrow_final (&y_ctx);
+ k5_mutex_destroy(&yarrow_lock);
+}
- plugin_prng_rand(handle, context, data);
+/*
+ * Routines to get entropy from the OS. For UNIX we try /dev/urandom
+ * and /dev/random. Currently we don't do anything for Windows.
+ */
+#if defined(_WIN32)
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
+{
+ if (success)
+ *success = 0;
return 0;
}
-int krb5int_prng_init(krb5_context context)
-{
- int ret = 0;
- plhandle handle = plugin_manager_get_service(context->pl_handle, "plugin_prng");
+#else /*Windows*/
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
- ret = plugin_prng_init(handle);
+/*
+ * Helper function to read entropy from a random device. Takes the
+ * name of a device, opens it, makes sure it is a device and if so,
+ * reads entropy. Returns a boolean indicating whether entropy was
+ * read.
+ */
- return ret;
+static int
+read_entropy_from_device(krb5_context context, const char *device)
+{
+ krb5_data data;
+ struct stat sb;
+ int fd;
+ unsigned char buf[YARROW_SLOW_THRESH/8], *bp;
+ int left;
+
+ fd = open (device, O_RDONLY);
+ if (fd == -1)
+ return 0;
+ set_cloexec_fd(fd);
+ if (fstat(fd, &sb) == -1 || S_ISREG(sb.st_mode)) {
+ close(fd);
+ return 0;
+ }
+
+ for (bp = buf, left = sizeof(buf); left > 0;) {
+ ssize_t count;
+ count = read(fd, bp, (unsigned) left);
+ if (count <= 0) {
+ close(fd);
+ return 0;
+ }
+ left -= count;
+ bp += count;
+ }
+ close(fd);
+ data.length = sizeof (buf);
+ data.data = (char *) buf;
+ return (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
+ &data) == 0);
}
-void
-krb5int_prng_cleanup(krb5_context context)
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
{
- plhandle handle = plugin_manager_get_service(context->pl_handle, "plugin_prng");
-
- plugin_prng_cleanup(handle);
-
- return;
+ int unused;
+ int *oursuccess = success ? success : &unused;
+
+ *oursuccess = 0;
+ /* If we are getting strong data then try that first. We are
+ guaranteed to cause a reseed of some kind if strong is true and
+ we have both /dev/random and /dev/urandom. We want the strong
+ data included in the reseed so we get it first.*/
+ if (strong) {
+ if (read_entropy_from_device(context, "/dev/random"))
+ *oursuccess = 1;
+ }
+ if (read_entropy_from_device(context, "/dev/urandom"))
+ *oursuccess = 1;
+ return 0;
}
-
+#endif /*Windows or pre-OSX Mac*/
/* If there's actually a verify function, call it. */
cksum_data = make_data(cksum->contents, cksum->length);
if (ctp->verify != NULL)
- return ctp->verify(context, ctp, key, usage, &iov, 1, &cksum_data, valid);
+ return ctp->verify(ctp, key, usage, &iov, 1, &cksum_data, valid);
/* Otherwise, make the checksum again, and compare. */
if (cksum->length != ctp->output_size)
/* If there's actually a verify function, call it. */
if (ctp->verify != NULL) {
- return ctp->verify(context, ctp, key, usage, data, num_data, &checksum->data,
+ return ctp->verify(ctp, key, usage, data, num_data, &checksum->data,
valid);
}
if (ret != 0)
return ret;
- ret = ctp->checksum(context, ctp, key, usage, data, num_data, &computed);
+ ret = ctp->checksum(ctp, key, usage, data, num_data, &computed);
if (ret == 0) {
*valid = (memcmp(computed.data, checksum->data.data,
ctp->output_size) == 0);
--- /dev/null
+mydir=lib/crypto/krb/yarrow
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/.. \
+ -I$(srcdir)/../../@CRYPTO_IMPL@ \
+ -I$(srcdir)/../../@CRYPTO_IMPL@/sha1 \
+ -I$(srcdir)/../../@CRYPTO_IMPL@/enc_provider
+DEFS=
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=yarrow
+##DOS##OBJFILE=..\$(OUTPRE)yarrow.lst
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+STLIBOBJS=\
+ yarrow.o \
+ ycipher.o
+OBJS=\
+ $(OUTPRE)yarrow.$(OBJEXT) \
+ $(OUTPRE)ycipher.$(OBJEXT)
+
+SRCS=\
+ $(srcdir)/yarrow.c \
+ $(srcdir)/ycipher.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+includes:: depend
+
+depend:: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
#
yarrow.so yarrow.po $(OUTPRE)yarrow.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../lib/crypto/builtin/sha1/shs.h \
- $(srcdir)/../../../lib/crypto/builtin/yhash.h $(top_srcdir)/include/k5-buf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../crypto/builtin/sha1/shs.h \
+ $(srcdir)/../../../crypto/builtin/yhash.h $(top_srcdir)/include/k5-buf.h \
$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
ycipher.h yexcep.h ylock.h ystate.h ytypes.h
ycipher.so ycipher.po $(OUTPRE)ycipher.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../lib/crypto/builtin/enc_provider/enc_provider.h \
- $(srcdir)/../../../lib/crypto/builtin/sha1/shs.h $(srcdir)/../../../lib/crypto/builtin/yhash.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../crypto/builtin/enc_provider/enc_provider.h \
+ $(srcdir)/../../../crypto/builtin/sha1/shs.h $(srcdir)/../../../crypto/builtin/yhash.h \
$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
$(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/plugins/prng/plugin_yarrow/plugin_prng_impl.h \
$(top_srcdir)/plugin_core/plugin_manager.h \
$(top_srcdir)/plugin_core/plugin_factory.h \
- $(srcdir)/../../../lib/crypto/builtin/yhash.h \
- $(srcdir)/../../../lib/crypto/builtin/enc_provider/enc_provider.h \
+ $(srcdir)/../../../crypto/builtin/yhash.h \
+ $(srcdir)/../../../crypto/builtin/enc_provider/enc_provider.h \
plugin_prng_impl.c
PLUGINS_LIBS = \
../../plugin_core/impl/libplugin_impl.a $(PLUGIN_CORE_DEPLIB) \
- ../../plugins/pa/encrypted_challenge/libencrypted_challenge.a \
- ../../plugins/prng/plugin_yarrow/libplugin_yarrow.a
+ ../../plugins/pa/encrypted_challenge/libencrypted_challenge.a
##DOSBUILDTOP = ..\..
##DOS##PREFIXDIR=krb
##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
-PLUGINS_LIBS = $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libplugin_yarrow.a $(srcdir)/../../libencrypted_challenge.a
+PLUGINS_LIBS = $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libencrypted_challenge.a
+# PLUGINS_LIBS = $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libplugin_yarrow.a $(srcdir)/../../libencrypted_challenge.a
STLIBOBJS= \
DEFS=
LOCALINCLUDES = -I$(srcdir)/../../include/krb5 -I$(srcdir)/. \
- -I$(srcdir)/../../plugins/prng/plugin_yarrow -I$(srcdir)/../../plugins/prng \
+ -I$(srcdir)/../../plugins/prng \
-I$(srcdir)/../../plugins/pa -I$(srcdir)/../../plugins/pa/encrypted_challenge \
-I$(srcdir)/..
STOBJLISTS=OBJS.ST
-LIBS_UTILS = ../plugin_core$(SO_EXT) \
- ../../plugins/prng/plugin_yarrow/plugin_prng_impl$(SO_EXT) \
- ../../plugins/prng/plugin_yarrow/ycipher$(SO_EXT) \
- ../../plugins/prng/plugin_yarrow/yarrow$(SO_EXT)
+LIBS_UTILS = ../plugin_core$(SO_EXT)
+
+# ../../plugins/prng/plugin_yarrow/plugin_prng_impl$(SO_EXT) \
+# ../../plugins/prng/plugin_yarrow/ycipher$(SO_EXT) \
+# ../../plugins/prng/plugin_yarrow/yarrow$(SO_EXT)
SHLIB_EXPLIBS= $(LIBS_UTILS) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB)
plugin_default_factory.so plugin_default_factory.po $(OUTPRE)plugin_default_factory.$(OBJEXT): \
$(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/plugin_core/plugin_factory.h \
$(top_srcdir)/plugin_core/plugin_manager.h \
- $(top_srcdir)/plugins/prng/plugin_yarrow/plugin_prng_impl.h \
$(top_srcdir)/plugins/pa/encrypted_challenge/plugin_pa_impl.h \
$(top_srcdir)/plugin_core/impl/plugin_default_manager.h \
$(top_srcdir)/plugin_core/impl/plugin_default_factory.h \
#include "plugin_manager.h"
#include "plugin_factory.h"
-#include "plugin_prng_impl.h"
+//#include "plugin_prng_impl.h"
#include "plugin_pa_impl.h"
#include "plugin_default_factory.h"
static plugin_factory* _default_factory_instance = NULL;
static plugin_descr plugin_default_factory_table[] = {
- {"plugin_yarrow_prng", plugin_yarrow_prng_create},
+// {"plugin_yarrow_prng", plugin_yarrow_prng_create},
{"plugin_encrypted_challenge_pa", plugin_encrypted_challenge_pa_create},
{"plugin_ldap_audit", NULL},
{NULL,NULL}
#define PLUGIN_DEFAULT_FACTORY_H_
#include <plugin_factory.h>
-#include "plugin_prng_impl.h"
+//#include "plugin_prng_impl.h"
factory_handle plugin_default_factory_get_instance(void);
krb5_error_code plugin_server_init(plhandle handle, krb5_context kcontext, void **module_context, const char **realmnames);
void plugin_server_fini(plhandle handle, krb5_context kcontext, void *module_context);
-#if 0
-krb5_preauthtype supported_pa_types[] = {KRB5_PADATA_ENCRYPTED_CHALLENGE, 0};
-
-struct krb5plugin_preauth_server_ftable_v1 preauthentication_server_1 = {
- "Encrypted challenge",
- &supported_pa_types[0],
- NULL,
- NULL,
- kdc_preauth_flags,
- kdc_include_padata,
- kdc_verify_preauth,
- kdc_return_preauth,
- NULL
-};
-
-struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = {
- "Encrypted Challenge", /* name */
- &supported_pa_types[0], /* pa_type_list */
- NULL, /* enctype_list */
- NULL, /* plugin init function */
- NULL, /* plugin fini function */
- preauth_flags, /* get flags function */
- NULL, /* request init function */
- NULL, /* request fini function */
- process_preauth, /* process function */
- NULL, /* try_again function */
- NULL /* get init creds opt function */
-};
-#endif
#endif /* PLUGIN_PA_H_ */
+++ /dev/null
-mydir=plugins/prng/plugin_yarrow
-BUILDTOP=$(REL)../../..
-RELDIR=../plugins/prng/plugin_yarrow
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-DEFS=
-
-LOCALINCLUDES = -I../../../include/krb5 -I. -I../../../plugin_core -I.. -I$(srcdir)/.. \
- -I$(srcdir)/../../../lib/crypto/@CRYPTO_IMPL@ \
- -I$(srcdir)/../../../lib/crypto/@CRYPTO_IMPL@/sha1 \
- -I$(srcdir)/../../../lib/crypto/@CRYPTO_IMPL@/enc_provider
-
-LIBBASE=plugin_yarrow
-
-STLIBOBJS= yarrow.o ycipher.o plugin_prng_impl.o
-SRCS=\
- $(srcdir)/yarrow.c \
- $(srcdir)/ycipher.c \
- $(srcdir)/plugin_prng_impl.c
-
-STOBJLISTS=OBJS.ST
-
-all-unix:: all-liblinks
-clean-unix:: clean-liblinks clean-libs clean-libobjs
-install-unix:: install-libs
-
-
-@libpriv_frag@
-@lib_frag@
-@libobj_frag@
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright (C) 2001, 2002, 2004, 2007, 2008 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "enc_provider.h"
-#include <assert.h>
-#include "k5-thread.h"
-
-#include <plugin_manager.h>
-#include <plugin_prng.h>
-#include "plugin_prng.h"
-#include "plugin_prng_impl.h"
-
-#include "yarrow.h"
-
-static Yarrow_CTX y_ctx;
-#define yarrow_lock krb5int_yarrow_lock
-k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER;
-
-
-/* Helper function to estimate entropy based on sample length
- * and where it comes from.
- */
-
-static size_t
-entropy_estimate(unsigned int randsource, size_t length)
-{
- switch (randsource) {
- case KRB5_C_RANDSOURCE_OLDAPI:
- return 4 * length;
- case KRB5_C_RANDSOURCE_OSRAND:
- return 8 * length;
- case KRB5_C_RANDSOURCE_TRUSTEDPARTY:
- return 4 * length;
- case KRB5_C_RANDSOURCE_TIMING:
- return 2;
- case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL:
- return 0;
- default:
- abort();
- }
- return 0;
-}
-
-
-/*
- * Routines to get entropy from the OS. For UNIX we try /dev/urandom
- * and /dev/random. Currently we don't do anything for Windows.
- */
-#if defined(_WIN32)
-
-static krb5_error_code
-_plugin_prng_os_seed(krb5_context context, int strong, int *success)
-{
- if (success)
- *success = 0;
- return 0;
-}
-
-#else /*Windows*/
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-/*
- * Helper function to read entropy from a random device. Takes the
- * name of a device, opens it, makes sure it is a device and if so,
- * reads entropy. Returns a boolean indicating whether entropy was
- * read.
- */
-
-static krb5_error_code
-read_entropy_from_device(krb5_context context, const char *device)
-{
- krb5_data data;
- struct stat sb;
- int fd;
- unsigned char buf[YARROW_SLOW_THRESH/8], *bp;
- int left;
-
- fd = open (device, O_RDONLY);
- if (fd == -1)
- return 0;
- set_cloexec_fd(fd);
- if (fstat(fd, &sb) == -1 || S_ISREG(sb.st_mode)) {
- close(fd);
- return 0;
- }
-
- for (bp = buf, left = sizeof(buf); left > 0;) {
- ssize_t count;
- count = read(fd, bp, (unsigned) left);
- if (count <= 0) {
- close(fd);
- return 0;
- }
- left -= count;
- bp += count;
- }
- close(fd);
- data.length = sizeof (buf);
- data.data = (char *) buf;
- return (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
- &data) == 0);
-}
-
-static krb5_error_code
-_plugin_prng_os_seed(krb5_context context, int strong, int *success)
-{
- int unused;
- int *oursuccess = success ? success : &unused;
-
- *oursuccess = 0;
- /* If we are getting strong data then try that first. We are
- guaranteed to cause a reseed of some kind if strong is true and
- we have both /dev/random and /dev/urandom. We want the strong
- data included in the reseed so we get it first.*/
- if (strong) {
- if (read_entropy_from_device(context, "/dev/random"))
- *oursuccess = 1;
- }
- if (read_entropy_from_device(context, "/dev/urandom"))
- *oursuccess = 1;
- return 0;
-}
-
-#endif /*Windows or pre-OSX Mac*/
-
-static krb5_error_code
-_plugin_prng_seed(krb5_context context, unsigned int randsource,
- const krb5_data *data)
-{
- int yerr;
-
- /* Make sure the mutex got initialized. */
- yerr = krb5int_crypto_init(context);
- if (yerr)
- return yerr;
- /* Now, finally, feed in the data. */
- yerr = krb5int_yarrow_input(&y_ctx, randsource,
- data->data, data->length,
- entropy_estimate(randsource, data->length));
- if (yerr != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- return 0;
-}
-
-static krb5_error_code
-_plugin_prng_rand(krb5_context context, krb5_data *data)
-{
- int yerr;
- yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
- if (yerr == YARROW_NOT_SEEDED) {
- yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL);
- if (yerr == YARROW_OK)
- yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
- }
- if (yerr != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- return 0;
-}
-
-
-static void
-_plugin_prng_destroy(plugin_prng* api)
-{
- if (api != NULL) {
- free(api);
- }
-}
-
-static krb5_error_code
-_plugin_prng_init(void)
-{
- unsigned i, source_id;
- int yerr;
-
- yerr = k5_mutex_finish_init(&yarrow_lock);
- if (yerr)
- return yerr;
-
- yerr = krb5int_yarrow_init (&y_ctx, NULL);
- if (yerr != YARROW_OK && yerr != YARROW_NOT_SEEDED)
- return KRB5_CRYPTO_INTERNAL;
-
- for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) {
- if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- assert (source_id == i);
- }
-
- return 0;
-}
-
-static void
-_plugin_prng_cleanup (void)
-{
- krb5int_yarrow_final (&y_ctx);
- k5_mutex_destroy(&yarrow_lock);
-}
-
-
-plhandle
-plugin_yarrow_prng_create()
-{
- plhandle handle;
- plugin_prng* api = malloc(sizeof(plugin_prng));
-
- memset(api, 0, sizeof(plugin_prng));
- api->version = 0;
- api->prng_rand = _plugin_prng_rand;
- api->prng_seed = _plugin_prng_seed;
- api->prng_os_seed = _plugin_prng_os_seed;
- api->prng_init = _plugin_prng_init;
- api->prng_cleanup = _plugin_prng_cleanup;
- handle.api = api;
-
- return handle;
-}
-
+++ /dev/null
-/*
- * plugin_prng_impl.h
- *
- */
-
-#ifndef PLUGIN_PRNG_IMPL_H_
-#define PLUGIN_PRNG_IMPL_H_
-
-#include <plugin_manager.h>
-#include <plugin_prng.h>
-
-plhandle plugin_yarrow_prng_create(void);
-
-#endif /* PLUGIN_PRNG_IMPL_H_ */
projects / thirdparty / krb5.git / commitdiff
