authorGreg Hudson <ghudson@mit.edu>2009-12-10 17:10:10 +0000
committerGreg Hudson <ghudson@mit.edu>2009-12-10 17:10:10 +0000
commitbad149c2a94f20df57f9d51810aff23aeb0921a4 (patch)
tree9a023564d65fe8c46bcc330f950b37b919599c03 /src/lib/crypto/builtin/des
parent009463e22f989a287835228459487c64dcb0b8b3 (diff)
Restructure the crypto checksum implementation to minimize
dependencies on the internals of modules. * Keyhash providers are gone. * The cksumtypes table contains checksum and verify functions, similar to the etypes encrypt and decrypt functions. New checksum functions parallel the old keyhash providers, and there are also functions for unkeyed and derived-key HMAC checksums. * The flags field is now used to indicate whether a checksum is unkeyed, but not whether it is a derived-key HMAC checksum. * The descbc checksum is handled through a new enc_provider function which calculates a CBC MAC. The OpenSSL module does not implement the CBC MAC function (it didn't implement descbc before). builtin/des could probably get rid of f_cksum.c (the old DES CBC routine) with some alterations to string2key.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23462 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/builtin/des')
-rw-r--r--src/lib/crypto/builtin/des/des_int.h5
-rw-r--r--src/lib/crypto/builtin/des/f_aead.c48
2 files changed, 53 insertions, 0 deletions
diff --git a/src/lib/crypto/builtin/des/des_int.h b/src/lib/crypto/builtin/des/des_int.h
index 9dd599453a..419459d22c 100644
--- a/src/lib/crypto/builtin/des/des_int.h
+++ b/src/lib/crypto/builtin/des/des_int.h
@@ -263,6 +263,11 @@ krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
const mit_des_key_schedule schedule,
mit_des_cblock ivec);
+void
+krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data,
+ const mit_des_key_schedule schedule, mit_des_cblock ivec,
+ mit_des_cblock out);
+
/* d3_procky.c */
krb5_error_code mit_des3_process_key(krb5_encrypt_block *eblock,
const krb5_keyblock *keyblock);
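Review bot: The new `krb5int_des_cbc_mac` prototype carries no comment stating its contract, which a MAC primitive shared across modules should have. Going by the definition added in f_aead.c, `ivec` may be NULL (the zero block is used instead) and is only read, and `out` receives the final cipher block. I would add something like `/* Compute a raw DES CBC-MAC over data; ivec may be NULL (zero IV) and is not modified; out receives the final cipher block. */` above the declaration. It is also worth stating that no length encoding or padding is applied by this function itself, so any message framing is the caller's responsibility.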
diff --git a/src/lib/crypto/builtin/des/f_aead.c b/src/lib/crypto/builtin/des/f_aead.c
index 3f4fbae826..bb3982d1b4 100644
--- a/src/lib/crypto/builtin/des/f_aead.c
+++ b/src/lib/crypto/builtin/des/f_aead.c
@@ -152,6 +152,54 @@ krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
}
}
+void
+krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data,
+ const mit_des_key_schedule schedule, mit_des_cblock ivec,
+ mit_des_cblock out)
+{
+ unsigned DES_INT32 left, right;
+ const unsigned DES_INT32 *kp;
+ const unsigned char *ip;
+ struct iov_block_state input_pos;
+ unsigned char storage[MIT_DES_BLOCK_LENGTH], *block = NULL, *ptr;
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ input_pos.include_sign_only = 1;
+
+ /* Get key pointer here. This won't need to be reinitialized. */
+ kp = (const unsigned DES_INT32 *)schedule;
+
+ /* Initialize left and right with the contents of the initial vector. */
+ ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
+ GET_HALF_BLOCK(left, ip);
+ GET_HALF_BLOCK(right, ip);
+
+ /* Work the length down 8 bytes at a time. */
+ for (;;) {
+ unsigned DES_INT32 temp;
+
+ ptr = iov_next_block(storage, MIT_DES_BLOCK_LENGTH, data, num_data,
+ &input_pos);
+ if (ptr == NULL)
+ break;
+ block = ptr;
+
+ /* Decompose this block and xor it with the previous ciphertext. */
+ GET_HALF_BLOCK(temp, ptr);
+ left ^= temp;
+ GET_HALF_BLOCK(temp, ptr);
+ right ^= temp;
+
+ /* Encrypt what we have. */
+ DES_DO_ENCRYPT(left, right, kp);
+ }
+
+ /* Output the final ciphertext block. */
+ ptr = out;
+ PUT_HALF_BLOCK(left, ptr);
+ PUT_HALF_BLOCK(right, ptr);
+}
+
#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
void krb5int_des_do_encrypt_2 (unsigned DES_INT32 *left,
unsigned DES_INT32 *right,
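Review bot: If `iov_next_block` returns NULL on the first pass of the `for (;;)` loop, `out` receives the IV (or `mit_des_zeroblock`) without any encryption, and the `void` return gives the caller no way to notice that nothing was MACed. How trailing bytes short of a full block are treated depends on `iov_next_block`, which is not visible in this hunk, so the length contract deserves a comment above the function, for example `/* Input must be non-empty; with no input blocks, out is just the IV. */`. Separately, `block` is initialized to NULL and assigned with `block = ptr;` but never read, so the declaration and the assignment can both be dropped. The function body is complete within this hunk.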