Crypto modularity proj: Separate files under crypto directory based on their functionality. Move Kerberos specific files into krb subdir and MIT specific - into builtin subdir. Place all tests into crypto_tests subfolder.

bigredbutton: whitespace git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22477 dc483132-0cff-0310-8789-dd5450dbe970
author: Zhanna Tsitkov <tsitkova@mit.edu> 2009-08-03 14:19:16 +0000
committer: Zhanna Tsitkov <tsitkova@mit.edu> 2009-08-03 14:19:16 +0000
commit: 3c40c7f134b4e87baa43b0cacb435b6f96245e2f (patch)
tree: 2b1014db60c1d3941f17a4d00221e07cc5cece62 /src/lib/crypto/arcfour
parent: ab7ffb919b4ee5ee5bc07f987d9163202a632e6a (diff)
7 files changed, 0 insertions, 873 deletions
diff --git a/src/lib/crypto/arcfour/Makefile.in b/src/lib/crypto/arcfour/Makefile.in
deleted file mode 100644
index d56deb85f..000000000
--- a/src/lib/crypto/arcfour/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
-thisconfigdir=../../..
-myfulldir=lib/crypto/arcfour
-mydir=lib/crypto/arcfour
-BUILDTOP=$(REL)..$(S)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../md4
-DEFS=
-
-##DOS##BUILDTOP = ..\..\..
-##DOS##PREFIXDIR=arcfour
-##DOS##OBJFILE=..\$(OUTPRE)arcfour.lst
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
-
-STLIBOBJS=\
-	arcfour.o	\
-	arcfour_aead.o	\
-	arcfour_s2k.o
-
-OBJS=\
-	$(OUTPRE)arcfour.$(OBJEXT)	\
-	$(OUTPRE)arcfour_aead.$(OBJEXT)	\
-	$(OUTPRE)arcfour_s2k.$(OBJEXT)
-
-SRCS=\
-	$(srcdir)/arcfour.c	\
-	$(srcdir)/arcfour_aead.c\
-	$(srcdir)/arcfour_s2k.c
-
-##DOS##LIBOBJS = $(OBJS)
-
-all-unix:: all-libobjs
-
-includes:: depend
-
-depend:: $(SRCS)
-
-clean-unix:: clean-libobjs
-
-@libobj_frag@
-
diff --git a/src/lib/crypto/arcfour/arcfour-int.h b/src/lib/crypto/arcfour/arcfour-int.h
deleted file mode 100644
index efd7a0282..000000000
--- a/src/lib/crypto/arcfour/arcfour-int.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-
-ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95).
-This cipher is widely believed and has been tested to be equivalent
-with the RC4 cipher from RSA Data Security, Inc.  (RC4 is a trademark
-of RSA Data Security)
-
-*/
-#ifndef ARCFOUR_INT_H
-#define ARCFOUR_INT_H
-
-#include "arcfour.h"
-
-#define CONFOUNDERLENGTH 8
-
-typedef struct
-{
-   unsigned int x;
-   unsigned int y;
-   unsigned char state[256];
-} ArcfourContext;
-
-typedef struct {
-  int initialized;
-  ArcfourContext ctx;
-} ArcFourCipherState;
-
-krb5_keyusage krb5int_arcfour_translate_usage(krb5_keyusage usage);
-
-extern const char *const krb5int_arcfour_l40;
-
-#endif /* ARCFOUR_INT_H */
diff --git a/src/lib/crypto/arcfour/arcfour.c b/src/lib/crypto/arcfour/arcfour.c
deleted file mode 100644
index 7e527cf89..000000000
--- a/src/lib/crypto/arcfour/arcfour.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
-
-ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95).
-This cipher is widely believed and has been tested to be equivalent
-with the RC4 cipher from RSA Data Security, Inc.  (RC4 is a trademark
-of RSA Data Security)
-
-*/
-#include "k5-int.h"
-#include "arcfour-int.h"
-#include "../hash_provider/hash_provider.h"
-
-const char *const krb5int_arcfour_l40 = "fortybits";
-
-void
-krb5_arcfour_encrypt_length(const struct krb5_enc_provider *enc,
-			    const struct krb5_hash_provider *hash,
-			    size_t inputlen, size_t *length)
-{
-  size_t blocksize, hashsize;
-
-  blocksize = enc->block_size;
-  hashsize = hash->hashsize;
-
-  /* checksum + (confounder + inputlen, in even blocksize) */
-  *length = hashsize + krb5_roundup(8 + inputlen, blocksize);
-}
-
- krb5_keyusage
- krb5int_arcfour_translate_usage(krb5_keyusage usage)
-{
-  switch (usage) {
-  case 1:			/* AS-REQ PA-ENC-TIMESTAMP padata timestamp,  */
-    return 1;
-  case 2:			/* ticket from kdc */
-    return 2;
-  case 3:			/* as-rep encrypted part */
-    return 8;
-  case 4:			/* tgs-req authz data */
-    return 4;
-  case 5:			/* tgs-req authz data in subkey */
-    return 5;
-  case 6:			/* tgs-req authenticator cksum */
-    return 6;			
-case 7:				/* tgs-req authenticator */
-  return 7;
-    case 8:
-    return 8;
-  case 9:			/* tgs-rep encrypted with subkey */
-    return 9;
-  case 10:			/* ap-rep authentication cksum */
-    return 10;			/* xxx  Microsoft never uses this*/
-  case 11:			/* app-req authenticator */
-    return 11;
-  case 12:			/* app-rep encrypted part */
-    return 12;
-  case 23: /* sign wrap token*/
-    return 13;
-  default:
-      return usage;
-}
-}
-
-krb5_error_code
-krb5_arcfour_encrypt(const struct krb5_enc_provider *enc,
-		     const struct krb5_hash_provider *hash,
-		     const krb5_keyblock *key, krb5_keyusage usage,
-		     const krb5_data *ivec, const krb5_data *input,
-		     krb5_data *output)
-{
-  krb5_keyblock k1, k2, k3;
-  krb5_data d1, d2, d3, salt, plaintext, checksum, ciphertext, confounder;
-  krb5_keyusage ms_usage;
-  size_t keylength, keybytes, blocksize, hashsize;
-  krb5_error_code ret;
-
-  blocksize = enc->block_size;
-  keybytes = enc->keybytes;
-  keylength = enc->keylength;
-  hashsize = hash->hashsize;
-  
-  d1.length=keybytes;
-  d1.data=malloc(d1.length);
-  if (d1.data == NULL)
-    return (ENOMEM);
-  k1 = *key;
-  k1.length=d1.length;
-  k1.contents= (void *) d1.data;
-
-  d2.length=keybytes;
-  d2.data=malloc(d2.length);
-  if (d2.data == NULL) {
-    free(d1.data);
-    return (ENOMEM);
-  }
-  k2 = *key;
-  k2.length=d2.length;
-  k2.contents=(void *) d2.data;
-
-  d3.length=keybytes;
-  d3.data=malloc(d3.length);
-  if (d3.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    return (ENOMEM);
-  }
-  k3 = *key;
-  k3.length=d3.length;
-  k3.contents= (void *) d3.data;
-  
-  salt.length=14;
-  salt.data=malloc(salt.length);
-  if (salt.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    free(d3.data);
-    return (ENOMEM);
-  }
-
-  /* is "input" already blocksize aligned?  if it is, then we need this
-     step, otherwise we do not */
-  plaintext.length=krb5_roundup(input->length+CONFOUNDERLENGTH,blocksize);
-  plaintext.data=malloc(plaintext.length);
-  if (plaintext.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    free(d3.data);
-    free(salt.data);
-    return(ENOMEM);
-  }
-
-  /* setup convienient pointers into the allocated data */
-  checksum.length=hashsize;
-  checksum.data=output->data;
-  ciphertext.length=krb5_roundup(input->length+CONFOUNDERLENGTH,blocksize);
-  ciphertext.data=output->data+hashsize;
-  confounder.length=CONFOUNDERLENGTH;
-  confounder.data=plaintext.data;
-  output->length = plaintext.length+hashsize;
-  
-  /* begin the encryption, computer K1 */
-  ms_usage=krb5int_arcfour_translate_usage(usage);
-  if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-    strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-    store_32_le(ms_usage, salt.data+10);
-  } else {
-    salt.length=4;
-    store_32_le(ms_usage, salt.data);
-  }
-  krb5_hmac(hash, key, 1, &salt, &d1);
-
-  memcpy(k2.contents, k1.contents, k2.length);
-
-  if (key->enctype==ENCTYPE_ARCFOUR_HMAC_EXP)
-    memset(k1.contents+7, 0xab, 9);
-
-  ret=krb5_c_random_make_octets(/* XXX */ 0, &confounder);
-  memcpy(plaintext.data+confounder.length, input->data, input->length);
-  if (ret)
-    goto cleanup;
-
-  krb5_hmac(hash, &k2, 1, &plaintext, &checksum);
-
-  krb5_hmac(hash, &k1, 1, &checksum, &d3);
-
-  ret=(*(enc->encrypt))(&k3, ivec, &plaintext, &ciphertext);
-    
- cleanup:
-  memset(d1.data, 0, d1.length);
-  memset(d2.data, 0, d2.length);
-  memset(d3.data, 0, d3.length);
-  memset(salt.data, 0, salt.length);
-  memset(plaintext.data, 0, plaintext.length);
-
-  free(d1.data);
-  free(d2.data);
-  free(d3.data);
-  free(salt.data);
-  free(plaintext.data);
-  return (ret);
-}
-
-/* This is the arcfour-hmac decryption routine */
-krb5_error_code
-krb5_arcfour_decrypt(const struct krb5_enc_provider *enc,
-		     const struct krb5_hash_provider *hash,
-		     const krb5_keyblock *key, krb5_keyusage usage,
-		     const krb5_data *ivec, const krb5_data *input,
-		     krb5_data *output)
-{
-  krb5_keyblock k1,k2,k3;
-  krb5_data d1,d2,d3,salt,ciphertext,plaintext,checksum;
-  krb5_keyusage ms_usage;
-  size_t keybytes, keylength, hashsize, blocksize;
-  krb5_error_code ret;
-
-  blocksize = enc->block_size;
-  keybytes = enc->keybytes;
-  keylength = enc->keylength;
-  hashsize = hash->hashsize;
-
-  d1.length=keybytes;
-  d1.data=malloc(d1.length);
-  if (d1.data == NULL)
-    return (ENOMEM);
-  k1 = *key;
-  k1.length=d1.length;
-  k1.contents= (void *) d1.data;
-  
-  d2.length=keybytes;
-  d2.data=malloc(d2.length);
-  if (d2.data == NULL) {
-    free(d1.data);
-    return (ENOMEM);
-  }
-  k2 = *key;
-  k2.length=d2.length;
-  k2.contents= (void *) d2.data;
-
-  d3.length=keybytes;
-  d3.data=malloc(d3.length);
-  if  (d3.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    return (ENOMEM);
-  }
-  k3 = *key;
-  k3.length=d3.length;
-  k3.contents= (void *) d3.data;
-
-  salt.length=14;
-  salt.data=malloc(salt.length);
-  if(salt.data==NULL) {
-    free(d1.data);
-    free(d2.data);
-    free(d3.data);
-    return (ENOMEM);
-  }
-
-  ciphertext.length=input->length-hashsize;
-  ciphertext.data=input->data+hashsize;
-  plaintext.length=ciphertext.length;
-  plaintext.data=malloc(plaintext.length);
-  if (plaintext.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    free(d3.data);
-    free(salt.data);
-    return (ENOMEM);
-  }
-
-  checksum.length=hashsize;
-  checksum.data=input->data;
-
-  ms_usage=krb5int_arcfour_translate_usage(usage);
-
-  /* We may have to try two ms_usage values; see below. */
-  do {
-      /* compute the salt */
-      if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-	  strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-	  store_32_le(ms_usage, salt.data + 10);
-      } else {
-	  salt.length = 4;
-	  store_32_le(ms_usage, salt.data);
-      }
-      ret = krb5_hmac(hash, key, 1, &salt, &d1);
-      if (ret)
-	  goto cleanup;
-
-      memcpy(k2.contents, k1.contents, k2.length);
-
-      if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
-	  memset(k1.contents + 7, 0xab, 9);
-  
-      ret = krb5_hmac(hash, &k1, 1, &checksum, &d3);
-      if (ret)
-	  goto cleanup;
-
-      ret = (*(enc->decrypt))(&k3, ivec, &ciphertext, &plaintext);
-      if (ret)
-	  goto cleanup;
-
-      ret = krb5_hmac(hash, &k2, 1, &plaintext, &d1);
-      if (ret)
-	  goto cleanup;
-
-      if (memcmp(checksum.data, d1.data, hashsize) != 0) {
-	  if (ms_usage == 9) {
-	      /*
-	       * RFC 4757 specifies usage 8 for TGS-REP encrypted
-	       * parts encrypted in a subkey, but the value used by MS
-	       * is actually 9.  We now use 9 to start with, but fall
-	       * back to 8 on failure in case we are communicating
-	       * with a KDC using the value from the RFC.
-	       */
-	      ms_usage = 8;
-	      continue;
-	  }
-	  ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	  goto cleanup;
-      }
-
-      break;
-  } while (1);
-
-  memcpy(output->data, plaintext.data+CONFOUNDERLENGTH,
-	 (plaintext.length-CONFOUNDERLENGTH));
-  output->length=plaintext.length-CONFOUNDERLENGTH;
-
- cleanup:
-  memset(d1.data, 0, d1.length);
-  memset(d2.data, 0, d2.length);
-  memset(d3.data, 0, d2.length);
-  memset(salt.data, 0, salt.length);
-  memset(plaintext.data, 0, plaintext.length);
-
-  free(d1.data);
-  free(d2.data);
-  free(d3.data);
-  free(salt.data);
-  free(plaintext.data);
-  return (ret);
-}
-
- krb5_error_code krb5int_arcfour_prf(
-					 const struct krb5_enc_provider *enc,
-					 const struct krb5_hash_provider *hash,
-					 const krb5_keyblock *key,
-					 const krb5_data *in, krb5_data *out)
- {
-   assert(out->length == 20);
-   return krb5_hmac(&krb5int_hash_sha1, key, 1, in, out);
- }
diff --git a/src/lib/crypto/arcfour/arcfour.h b/src/lib/crypto/arcfour/arcfour.h
deleted file mode 100644
index be408febc..000000000
--- a/src/lib/crypto/arcfour/arcfour.h
+++ /dev/null
@@ -1,43 +0,0 @@
-#ifndef ARCFOUR_H
-#define ARCFOUR_H
-
-extern void
-krb5_arcfour_encrypt_length(const struct krb5_enc_provider *,
-			const struct krb5_hash_provider *,
-			size_t,
-			size_t *);
-
-extern 
-krb5_error_code krb5_arcfour_encrypt(const struct krb5_enc_provider *,
-			const struct krb5_hash_provider *,
-			const krb5_keyblock *,
-			krb5_keyusage,
-			const krb5_data *,
-     			const krb5_data *,
-			krb5_data *);
-
-extern 
-krb5_error_code krb5_arcfour_decrypt(const struct krb5_enc_provider *,
-			const struct krb5_hash_provider *,
-			const krb5_keyblock *,
-			krb5_keyusage,
-			const krb5_data *,
-			const krb5_data *,
-			krb5_data *);
-
-extern krb5_error_code krb5int_arcfour_string_to_key(
-     const struct krb5_enc_provider *,
-     const krb5_data *,
-     const krb5_data *,
-     const krb5_data *,
-     krb5_keyblock *);
-
-extern const struct krb5_enc_provider krb5int_enc_arcfour;
-extern const struct krb5_aead_provider krb5int_aead_arcfour;
- krb5_error_code krb5int_arcfour_prf(
-					 const struct krb5_enc_provider *enc,
-					 const struct krb5_hash_provider *hash,
-					 const krb5_keyblock *key,
-					 const krb5_data *in, krb5_data *out);
-
-#endif /* ARCFOUR_H */
diff --git a/src/lib/crypto/arcfour/arcfour_aead.c b/src/lib/crypto/arcfour/arcfour_aead.c
deleted file mode 100644
index cff7d66d6..000000000
--- a/src/lib/crypto/arcfour/arcfour_aead.c
+++ /dev/null
@@ -1,325 +0,0 @@
-/*
- * lib/crypto/arcfour/arcfour_aead.c
- *
- * Copyright 2008 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#include "k5-int.h"
-#include "arcfour.h"
-#include "arcfour-int.h"
-#include "aead.h"
-
-/* AEAD */
-
-static krb5_error_code
-krb5int_arcfour_crypto_length(const struct krb5_aead_provider *aead,
-			      const struct krb5_enc_provider *enc,
-			      const struct krb5_hash_provider *hash,
-			      krb5_cryptotype type,
-			      unsigned int *length)
-{
-    switch (type) {
-    case KRB5_CRYPTO_TYPE_HEADER:
-	*length = hash->hashsize + CONFOUNDERLENGTH;
-	break;
-    case KRB5_CRYPTO_TYPE_PADDING:
-	*length = 0;
-	break;
-    case KRB5_CRYPTO_TYPE_TRAILER:
-	*length = 0;
-	break;
-    case KRB5_CRYPTO_TYPE_CHECKSUM:
-	*length = hash->hashsize;
-	break;
-    default:
-	assert(0 && "invalid cryptotype passed to krb5int_arcfour_crypto_length");
-	break;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-alloc_derived_key(const struct krb5_enc_provider *enc,
-		  krb5_keyblock *dst,
-		  krb5_data *data,
-		  const krb5_keyblock *src)
-{
-    data->length = enc->keybytes;
-    data->data = malloc(data->length);
-    if (data->data == NULL)
-	return ENOMEM;
-
-    *dst = *src;
-    dst->length = data->length;
-    dst->contents = (void *)data->data;
-
-    return 0;
-}
-
-static krb5_error_code
-krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead,
-			    const struct krb5_enc_provider *enc,
-			    const struct krb5_hash_provider *hash,
-			    const krb5_keyblock *key,
-			    krb5_keyusage usage,
-			    const krb5_data *ivec,
-			    krb5_crypto_iov *data,
-			    size_t num_data)
-{
-    krb5_error_code ret;
-    krb5_crypto_iov *header, *trailer;
-    krb5_keyblock k1, k2, k3;
-    krb5_data d1, d2, d3;
-    krb5_data checksum, confounder, header_data;
-    krb5_keyusage ms_usage;
-    char salt_data[14];
-    krb5_data salt;
-    size_t i;
-
-    d1.length = d2.length = d3.length = 0;
-    d1.data = d2.data = d3.data = NULL;
-
-    /*
-     * Caller must have provided space for the header, padding
-     * and trailer; per RFC 4757 we will arrange it as:
-     *
-     *	    Checksum | E(Confounder | Plaintext) 
-     */
-
-    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
-    if (header == NULL ||
-	header->data.length < hash->hashsize + CONFOUNDERLENGTH)
-	return KRB5_BAD_MSIZE;
-
-    header_data = header->data;
-
-    /* Trailer may be absent */
-    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
-    if (trailer != NULL)
-	trailer->data.length = 0;
-
-    /* Ensure that there is no padding */
-    for (i = 0; i < num_data; i++) {
-	if (data[i].flags == KRB5_CRYPTO_TYPE_PADDING)
-	    data[i].data.length = 0;
-    }
-
-    ret = alloc_derived_key(enc, &k1, &d1, key);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = alloc_derived_key(enc, &k2, &d2, key);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = alloc_derived_key(enc, &k3, &d3, key);
-    if (ret != 0)
-	goto cleanup;
-
-    /* Begin the encryption, compute K1 */
-    salt.data = salt_data;
-    salt.length = sizeof(salt_data);
-
-    ms_usage = krb5int_arcfour_translate_usage(usage);
-
-    if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-	strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-	store_32_le(ms_usage, salt.data + 10);
-    } else {
-	salt.length = 4;
-	store_32_le(ms_usage, salt.data);
-    }
-    ret = krb5_hmac(hash, key, 1, &salt, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    memcpy(k2.contents, k1.contents, k2.length);
-
-    if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
-	memset(k1.contents + 7, 0xAB, 9);
-
-    header->data.length = hash->hashsize + CONFOUNDERLENGTH;
-
-    confounder.data = header->data.data + hash->hashsize;
-    confounder.length = CONFOUNDERLENGTH;
-
-    ret = krb5_c_random_make_octets(0, &confounder);
-    if (ret != 0)
-	goto cleanup;
-
-    checksum.data = header->data.data;
-    checksum.length = hash->hashsize;
-
-    /* Adjust pointers so confounder is at start of header */
-    header->data.length -= hash->hashsize;
-    header->data.data   += hash->hashsize;
-
-    ret = krb5int_hmac_iov(hash, &k2, data, num_data, &checksum);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = krb5_hmac(hash, &k1, 1, &checksum, &d3);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = enc->encrypt_iov(&k3, ivec, data, num_data);
-    if (ret != 0)
-	goto cleanup;
-
-cleanup:
-    header->data = header_data; /* restore header pointers */
-
-    if (d1.data != NULL) {
-	memset(d1.data, 0, d1.length);
-	free(d1.data);
-    }
-    if (d2.data != NULL) {
-	memset(d2.data, 0, d2.length);
-	free(d2.data);
-    }
-    if (d3.data != NULL) {
-	memset(d3.data, 0, d3.length);
-	free(d3.data);
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead,
-			    const struct krb5_enc_provider *enc,
-			    const struct krb5_hash_provider *hash,
-			    const krb5_keyblock *key,
-			    krb5_keyusage usage,
-			    const krb5_data *ivec,
-			    krb5_crypto_iov *data,
-			    size_t num_data)
-{
-    krb5_error_code ret;
-    krb5_crypto_iov *header, *trailer;
-    krb5_keyblock k1, k2, k3;
-    krb5_data d1, d2, d3;
-    krb5_data checksum, header_data;
-    krb5_keyusage ms_usage;
-    char salt_data[14];
-    krb5_data salt;
-
-    d1.length = d2.length = d3.length = 0;
-    d1.data = d2.data = d3.data = NULL;
-
-    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
-    if (header == NULL ||
-        header->data.length != hash->hashsize + CONFOUNDERLENGTH)
-	return KRB5_BAD_MSIZE;
-
-    header_data = header->data;
-
-    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
-    if (trailer != NULL && trailer->data.length != 0)
-	return KRB5_BAD_MSIZE;
-    
-    ret = alloc_derived_key(enc, &k1, &d1, key);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = alloc_derived_key(enc, &k2, &d2, key);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = alloc_derived_key(enc, &k3, &d3, key);
-    if (ret != 0)
-	goto cleanup;
-
-    /* Begin the decryption, compute K1 */
-    salt.data = salt_data;
-    salt.length = sizeof(salt_data);
-
-    ms_usage = krb5int_arcfour_translate_usage(usage);
-
-    if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-	strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-	store_32_le(ms_usage, (unsigned char *)salt.data + 10);
-    } else {
-	salt.length = 4;
-	store_32_le(ms_usage, (unsigned char *)salt.data);
-    }
-    ret = krb5_hmac(hash, key, 1, &salt, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    memcpy(k2.contents, k1.contents, k2.length);
-
-    if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
-	memset(k1.contents + 7, 0xAB, 9);
-
-    checksum.data = header->data.data;
-    checksum.length = hash->hashsize;
-
-    /* Adjust pointers so confounder is at start of header */
-    header->data.length -= hash->hashsize;
-    header->data.data   += hash->hashsize;
-
-    ret = krb5_hmac(hash, &k1, 1, &checksum, &d3);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = enc->decrypt_iov(&k3, ivec, data, num_data);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = krb5int_hmac_iov(hash, &k2, data, num_data, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    if (memcmp(checksum.data, d1.data, hash->hashsize) != 0) {
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	goto cleanup;
-    }
-
-cleanup:
-    header->data = header_data; /* restore header pointers */
-
-    if (d1.data != NULL) {
-	memset(d1.data, 0, d1.length);
-	free(d1.data);
-    }
-    if (d2.data != NULL) {
-	memset(d2.data, 0, d2.length);
-	free(d2.data);
-    }
-    if (d3.data != NULL) {
-	memset(d3.data, 0, d3.length);
-	free(d3.data);
-    }
-
-    return ret;
-}
-
-const struct krb5_aead_provider krb5int_aead_arcfour = {
-    krb5int_arcfour_crypto_length,
-    krb5int_arcfour_encrypt_iov,
-    krb5int_arcfour_decrypt_iov
-};
-
diff --git a/src/lib/crypto/arcfour/arcfour_s2k.c b/src/lib/crypto/arcfour/arcfour_s2k.c
deleted file mode 100644
index 41053ed17..000000000
--- a/src/lib/crypto/arcfour/arcfour_s2k.c
+++ /dev/null
@@ -1,59 +0,0 @@
-#include "k5-int.h"
-#include "k5-utf8.h"
-#include "rsa-md4.h"
-#include "arcfour-int.h"
-
-#if TARGET_OS_MAC && !defined(DEPEND)
-#include <CoreFoundation/CFString.h>
-#endif
-
-krb5_error_code
-krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
-			      const krb5_data *string, const krb5_data *salt,
-			      const krb5_data *params, krb5_keyblock *key)
-{
-  krb5_error_code err = 0;
-  krb5_MD4_CTX md4_context;
-  unsigned char *copystr;
-  size_t copystrlen;
-
-  if (params != NULL)
-      return KRB5_ERR_BAD_S2K_PARAMS;
-  
-  if (key->length != 16)
-    return (KRB5_BAD_MSIZE);
-
-  /* We ignore salt per the Microsoft spec*/
-
-  /* compute the space needed for the new string.
-     Since the password must be stored in unicode, we need to increase
-     that number by 2x.
-  */
-
-  err = krb5int_utf8cs_to_ucs2les(string->data, string->length, &copystr, &copystrlen);
-  if (err)
-    return err;
-
-  /* the actual MD4 hash of the data */
-  krb5_MD4Init(&md4_context);
-  krb5_MD4Update(&md4_context, copystr, copystrlen);
-  krb5_MD4Final(&md4_context);
-  memcpy(key->contents, md4_context.digest, 16);
-
-#if 0  
-  /* test the string_to_key function */
-  printf("Hash=");
-  {
-    int counter;
-    for(counter=0;counter<16;counter++)
-      printf("%02x", md4_context.digest[counter]);
-    printf("\n");
-  }
-#endif /* 0 */
-
-  /* Zero out the data behind us */
-  memset(copystr, 0, copystrlen);
-  memset(&md4_context, 0, sizeof(md4_context));
-  free(copystr);
-  return err;
-}
diff --git a/src/lib/crypto/arcfour/deps b/src/lib/crypto/arcfour/deps
deleted file mode 100644
index ee6faef82..000000000
--- a/src/lib/crypto/arcfour/deps
+++ /dev/null
@@ -1,37 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../hash_provider/hash_provider.h arcfour-int.h \
-  arcfour.c arcfour.h
-arcfour_aead.so arcfour_aead.po $(OUTPRE)arcfour_aead.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
-  $(srcdir)/../cksumtypes.h arcfour-int.h arcfour.h arcfour_aead.c
-arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/k5-utf8.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../md4/rsa-md4.h arcfour-int.h arcfour.h \
-  arcfour_s2k.c
author	Zhanna Tsitkov <tsitkova@mit.edu>	2009-08-03 14:19:16 +0000
committer	Zhanna Tsitkov <tsitkova@mit.edu>	2009-08-03 14:19:16 +0000
commit	3c40c7f134b4e87baa43b0cacb435b6f96245e2f (patch)
tree	2b1014db60c1d3941f17a4d00221e07cc5cece62 /src/lib/crypto/arcfour
parent	ab7ffb919b4ee5ee5bc07f987d9163202a632e6a (diff)