Merge mskrb-integ onto trunk

The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
author: Sam Hartman <hartmans@mit.edu> 2009-01-03 23:19:42 +0000
committer: Sam Hartman <hartmans@mit.edu> 2009-01-03 23:19:42 +0000
commit: 0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d (patch)
tree: 2049c9c2cb135fe36b14c0a171711259258d18ec /src/lib/crypto/dk
parent: ff0a6514c9f4230938c29922d69cbd4e83691adf (diff)
download: krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.tar.gz
krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.tar.xz
krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.zip
3 files changed, 33 insertions, 6 deletions
diff --git a/src/lib/crypto/dk/checksum.c b/src/lib/crypto/dk/checksum.c
index a0ec05c5d5..b51319b2ea 100644
--- a/src/lib/crypto/dk/checksum.c
+++ b/src/lib/crypto/dk/checksum.c
@@ -103,7 +103,7 @@ cleanup:
 }
 
 krb5_error_code
-krb5_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
+krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
 		          const krb5_keyblock *key, krb5_keyusage usage,
 			  const krb5_crypto_iov *data, size_t num_data,
 			  krb5_data *output)
@@ -159,7 +159,7 @@ krb5_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
 
     /* hash the data */
 
-    if ((ret = krb5_hmac_iov(hash, &kc, data, num_data, output)) != 0)
+    if ((ret = krb5int_hmac_iov(hash, &kc, data, num_data, output)) != 0)
 	memset(output->data, 0, output->length);
 
     /* ret is set correctly by the prior call */
diff --git a/src/lib/crypto/dk/dk.h b/src/lib/crypto/dk/dk.h
index a8def7a93d..bc40134eff 100644
--- a/src/lib/crypto/dk/dk.h
+++ b/src/lib/crypto/dk/dk.h
@@ -85,7 +85,7 @@ krb5_error_code krb5_dk_make_checksum
 		const krb5_data *input, krb5_data *output);
 
 krb5_error_code
-krb5_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
+krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
 		          const krb5_keyblock *key, krb5_keyusage usage,
 			  const krb5_crypto_iov *data, size_t num_data,
 			  krb5_data *output);
@@ -100,3 +100,25 @@ krb5_derive_random(const struct krb5_enc_provider *enc,
 extern const struct krb5_aead_provider krb5int_aead_dk;
 extern const struct krb5_aead_provider krb5int_aead_aes;
 
+/* CCM */
+
+void
+krb5int_ccm_encrypt_length(const struct krb5_enc_provider *enc,
+			   const struct krb5_hash_provider *hash,
+			   size_t inputlen, size_t *length);
+
+extern const struct krb5_aead_provider krb5int_aead_ccm;
+
+krb5_error_code krb5int_ccm_encrypt
+(const struct krb5_enc_provider *enc,
+		const struct krb5_hash_provider *hash,
+		const krb5_keyblock *key, krb5_keyusage usage,
+		const krb5_data *ivec, const krb5_data *input,
+		krb5_data *arg_output);
+
+krb5_error_code krb5int_ccm_decrypt
+(const struct krb5_enc_provider *enc,
+		const struct krb5_hash_provider *hash,
+		const krb5_keyblock *key, krb5_keyusage usage,
+		const krb5_data *ivec, const krb5_data *input,
+		krb5_data *arg_output);
diff --git a/src/lib/crypto/dk/dk_aead.c b/src/lib/crypto/dk/dk_aead.c
index ef40700e15..8abf5af5f4 100644
--- a/src/lib/crypto/dk/dk_aead.c
+++ b/src/lib/crypto/dk/dk_aead.c
@@ -176,7 +176,7 @@ krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
     d2.length = hash->hashsize;
     d2.data = (char *)cksum;
 
-    ret = krb5_hmac_iov(hash, &ki, data, num_data, &d2);
+    ret = krb5int_hmac_iov(hash, &ki, data, num_data, &d2);
     if (ret != 0)
 	goto cleanup;
 
@@ -230,6 +230,11 @@ krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
     unsigned int hmacsize = 0;
     unsigned char *cksum = NULL;
 
+    if (krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM) != NULL) {
+	return krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
+					    usage, ivec, data, num_data);
+    }
+
     ke.contents = ki.contents = NULL;
     ke.length = ki.length = 0;
 
@@ -252,7 +257,7 @@ krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
 
     if (blocksize == 0) {
 	/* Check for correct input length in CTS mode */
-        if (enc->block_size != 0 && cipherlen < enc->block_size)
+	if (enc->block_size != 0 && cipherlen < enc->block_size)
 	    return KRB5_BAD_MSIZE;
     } else {
 	/* Check that the input data is correctly padded */
@@ -321,7 +326,7 @@ krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
     d1.length = hash->hashsize; /* non-truncated length */
     d1.data = (char *)cksum;
 
-    ret = krb5_hmac_iov(hash, &ki, data, num_data, &d1);
+    ret = krb5int_hmac_iov(hash, &ki, data, num_data, &d1);
     if (ret != 0)
 	goto cleanup;
author	Sam Hartman <hartmans@mit.edu>	2009-01-03 23:19:42 +0000
committer	Sam Hartman <hartmans@mit.edu>	2009-01-03 23:19:42 +0000
commit	0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d (patch)
tree	2049c9c2cb135fe36b14c0a171711259258d18ec /src/lib/crypto/dk
parent	ff0a6514c9f4230938c29922d69cbd4e83691adf (diff)
download	krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.tar.gz krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.tar.xz krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.zip