Add platform-dependent 64-bit and inline-function support via new header

k5-platform.h.  Add 64-bit serializer support.  [Not needed for ticket 1471,
but needed for 2040 and annoying to check in separately.]

Add to (internal for now) crypto API a function to get the mandatory checksum
type associated with an enctype.

New support for server-generated subkey, selected via an auth_context flag.

ticket: 1471
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15908 dc483132-0cff-0310-8789-dd5450dbe970

5 files changed, 184 insertions, 16 deletions

diff --git a/src/include/ChangeLog b/src/include/ChangeLog
index 84602683f..d6cffd004 100644
--- a/src/include/ChangeLog
+++ b/src/include/ChangeLog
@@ -1,3 +1,21 @@
+2003-12-13  Ken Raeburn  <raeburn@mit.edu>
+
+	* krb5.hin (KRB5_AUTH_CONTEXT_USE_SUBKEY): New macro.
+
+	* k5-int.h (struct krb5_keytypes): Added field required_ctype.
+	(krb5int_c_mandatory_cksumtype): New declaration.
+	(krb5int_generate_and_set_subkey): Declare.
+	(memset) [__GNUC__ && __GLIBC__]: Undef, to reduce compilation
+	warnings in zap() macro with volatile pointer.
+
+	* k5-platform.h: New header file.  Manages inline-function and
+	64-bit support, in platform-specific ways.
+	* fake-addrinfo.h: Include k5-platform.h.
+	(inline): Don't define here.
+	* k5-int.h: Include k5-platform.h.
+	(krb5_ui_8, krb5_int64): New typedefs.
+	(krb5_ser_pack_int64, krb5_ser_unpack_int64): New function decls.
+
 2003-10-08  Tom Yu  <tlyu@mit.edu>
 
 	* k5-int.h: Add prototypes for decode_krb5_safe_with_body and
diff --git a/src/include/fake-addrinfo.h b/src/include/fake-addrinfo.h
index e620357da..9d122e392 100644
--- a/src/include/fake-addrinfo.h
+++ b/src/include/fake-addrinfo.h
@@ -101,21 +101,7 @@
 #define FAI_DEFINED
 #include "port-sockets.h"
 #include "socket-utils.h"
-
-#if !defined(inline)
-# if __STDC_VERSION__ >= 199901L
-/* C99 supports inline, don't do anything.  */
-# elif defined(__GNUC__)
-#  define inline __inline__ /* this form silences -pedantic warnings */
-# elif defined(__mips) && defined(__sgi)
-#  define inline __inline /* IRIX used at MIT does inline but not c99 yet */
-# elif defined(__sun) && __SUNPRO_C >= 0x540
-/* The Forte Developer 7 C compiler supports "inline".  */
-# else
-#  define inline /* nothing, just static */
-# endif
-# define ADDRINFO_UNDEF_INLINE
-#endif
+#include "k5-platform.h"
 
 #ifdef S_SPLINT_S
 /*@-incondefs@*/
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index ebcd2135f..82bc29117 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -136,6 +136,13 @@ typedef unsigned char	u_char;
 #endif /* HAVE_SYS_TYPES_H */
 #endif /* KRB5_SYSTYPES__ */
 
+
+#include "k5-platform.h"
+/* not used in krb5.h (yet) */
+typedef UINT64_TYPE krb5_ui_8;
+typedef INT64_TYPE krb5_int64;
+
+
 #define DEFAULT_PWD_STRING1 "Enter password"
 #define DEFAULT_PWD_STRING2 "Re-enter password for verification"
 
@@ -631,6 +638,7 @@ struct krb5_keytypes {
     krb5_crypt_func encrypt;
     krb5_crypt_func decrypt;
     krb5_str2key_func str2key;
+    krb5_cksumtype required_ctype;
 };
 
 struct krb5_cksumtypes {
@@ -680,6 +688,12 @@ krb5_error_code krb5int_pbkdf2_hmac_sha1 (const krb5_data *, unsigned long,
 
 /* Make this a function eventually?  */
 #define krb5int_zap_data(ptr, len) memset((volatile void *)ptr, 0, len)
+#if defined(__GNUC__) && defined(__GLIBC__)
+/* GNU libc generates multiple bogus initialization warnings if we
+   pass memset a volatile pointer.  The compiler should do well enough
+   with memset even without GNU libc's attempt at optimization.  */
+#undef memset
+#endif
 #define zap(p,l) krb5int_zap_data(p,l)
 
 /* A definition of init_state for DES based encryption systems.
@@ -1585,6 +1599,11 @@ krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32
 	(krb5_int32 *,
 		krb5_octet **,
 		size_t *);
+/* [De]serialize 8-byte integer */
+krb5_error_code KRB5_CALLCONV krb5_ser_pack_int64
+	(krb5_int64, krb5_octet **, size_t *);
+krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int64
+	(krb5_int64 *, krb5_octet **, size_t *);
 /* [De]serialize byte string */
 krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes
 	(krb5_octet *,
@@ -1607,6 +1626,10 @@ krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred_default
 void krb5int_set_prompt_types
 	(krb5_context, krb5_prompt_type *);
 
+krb5_error_code
+krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context,
+				  krb5_keyblock * /* Old keyblock, not new!  */);
+
 /* set and change password helpers */
 
 krb5_error_code krb5int_mk_chpw_req
@@ -1910,4 +1933,8 @@ extern const krb5_kt_ops krb5_kt_dfl_ops;
 
 extern krb5_error_code krb5int_translate_gai_error (int);
 
+/* Not sure it's ready for exposure just yet.  */
+extern krb5_error_code
+krb5int_c_mandatory_cksumtype (krb5_context, krb5_enctype, krb5_cksumtype *);
+
 #endif /* _KRB5_INT_H */
diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h
new file mode 100644
index 000000000..e6d2ad0e4
--- /dev/null
+++ b/src/include/k5-platform.h
@@ -0,0 +1,136 @@
+/* Copyright 2003 Massachusetts Institute of Technology.  All rights reserved.  */
+/* Platform-dependent junk.  */
+
+#ifndef K5_PLATFORM_H
+#define K5_PLATFORM_H
+
+#if !defined(inline)
+# if __STDC_VERSION__ >= 199901L
+/* C99 supports inline, don't do anything.  */
+# elif defined(__GNUC__)
+#  define inline __inline__ /* this form silences -pedantic warnings */
+# elif defined(__mips) && defined(__sgi)
+#  define inline __inline /* IRIX used at MIT does inline but not c99 yet */
+# elif defined(__sun) && __SUNPRO_C >= 0x540
+/* The Forte Developer 7 C compiler supports "inline".  */
+# elif defined(_WIN32)
+#  define inline __inline
+# else
+#  define inline /* nothing, just static */
+# endif
+#endif
+
+#include "autoconf.h"
+
+/* 64-bit support: krb5_ui_8 and krb5_int64.
+
+   This should move to krb5.h eventually, but without the namespace
+   pollution from the autoconf macros.  */
+#if defined(HAVE_STDINT_H) || defined(HAVE_INTTYPES_H)
+# ifdef HAVE_STDINT_H
+#  include <stdint.h>
+# endif
+# ifdef HAVE_INTTYPES_H
+#  include <inttypes.h>
+# endif
+# define INT64_TYPE int64_t
+# define UINT64_TYPE uint64_t
+#elif defined(_WIN32)
+# define INT64_TYPE signed __int64
+# define UINT64_TYPE unsigned __int64
+#else /* not Windows, and neither stdint.h nor inttypes.h */
+# define INT64_TYPE signed long long
+# define UINT64_TYPE unsigned long long
+#endif
+
+/* Read and write integer values as (unaligned) octet strings in
+   specific byte orders.
+
+   Add per-platform optimizations later if needed.  (E.g., maybe x86
+   unaligned word stores and gcc/asm instructions for byte swaps,
+   etc.)  */
+
+static inline void
+store_16_be (unsigned int val, unsigned char *p)
+{
+    p[0] = (val >>  8) & 0xff;
+    p[1] = (val      ) & 0xff;
+}
+static inline void
+store_16_le (unsigned int val, unsigned char *p)
+{
+    p[1] = (val >>  8) & 0xff;
+    p[0] = (val      ) & 0xff;
+}
+static inline void
+store_32_be (unsigned int val, unsigned char *p)
+{
+    p[0] = (val >> 24) & 0xff;
+    p[1] = (val >> 16) & 0xff;
+    p[2] = (val >>  8) & 0xff;
+    p[3] = (val      ) & 0xff;
+}
+static inline void
+store_32_le (unsigned int val, unsigned char *p)
+{
+    p[3] = (val >> 24) & 0xff;
+    p[2] = (val >> 16) & 0xff;
+    p[1] = (val >>  8) & 0xff;
+    p[0] = (val      ) & 0xff;
+}
+static inline void
+store_64_be (UINT64_TYPE val, unsigned char *p)
+{
+    p[0] = (val >> 56) & 0xff;
+    p[1] = (val >> 48) & 0xff;
+    p[2] = (val >> 40) & 0xff;
+    p[3] = (val >> 32) & 0xff;
+    p[4] = (val >> 24) & 0xff;
+    p[5] = (val >> 16) & 0xff;
+    p[6] = (val >>  8) & 0xff;
+    p[7] = (val      ) & 0xff;
+}
+static inline void
+store_64_le (UINT64_TYPE val, unsigned char *p)
+{
+    p[7] = (val >> 56) & 0xff;
+    p[6] = (val >> 48) & 0xff;
+    p[5] = (val >> 40) & 0xff;
+    p[4] = (val >> 32) & 0xff;
+    p[3] = (val >> 24) & 0xff;
+    p[2] = (val >> 16) & 0xff;
+    p[1] = (val >>  8) & 0xff;
+    p[0] = (val      ) & 0xff;
+}
+static inline unsigned short
+load_16_be (unsigned char *p)
+{
+    return (p[1] | (p[0] << 8));
+}
+static inline unsigned short
+load_16_le (unsigned char *p)
+{
+    return (p[0] | (p[1] << 8));
+}
+static inline unsigned int
+load_32_be (unsigned char *p)
+{
+    return (p[3] | (p[2] << 8) | (p[1] << 16) | (p[0] << 24));
+}
+static inline unsigned int
+load_32_le (unsigned char *p)
+{
+    return (p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24));
+}
+static inline UINT64_TYPE
+load_64_be (unsigned char *p)
+{
+    return ((UINT64_TYPE)load_32_be(p) << 32) | load_32_be(p+4);
+}
+static inline UINT64_TYPE
+load_64_le (unsigned char *p)
+{
+    return ((UINT64_TYPE)load_32_le(p+4) << 32) | load_32_le(p);
+}
+
+#endif /* K5_PLATFORM_H */
diff --git a/src/include/krb5.hin b/src/include/krb5.hin
index eae960191..a397cb74a 100644
--- a/src/include/krb5.hin
+++ b/src/include/krb5.hin
@@ -1155,6 +1155,7 @@ typedef struct _krb5_pwd_data {
 #define KRB5_AUTH_CONTEXT_DO_SEQUENCE	0x00000004
 #define KRB5_AUTH_CONTEXT_RET_SEQUENCE	0x00000008
 #define KRB5_AUTH_CONTEXT_PERMIT_ALL	0x00000010
+#define KRB5_AUTH_CONTEXT_USE_SUBKEY	0x00000020
  
 typedef struct krb5_replay_data { 
     krb5_timestamp	timestamp; 
@@ -1169,7 +1170,7 @@ typedef struct krb5_replay_data {
 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR	0x00000008
 
 /* type of function used as a callback to generate checksum data for
-	* mk_req*/
+ * mk_req */
 
 typedef krb5_error_code 
 (KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *,