Merge mskrb-integ onto trunk

The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244

In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.

This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.

Merge commit 'mskrb-integ' into trunk

ticket: new
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 86 insertions, 3 deletions

diff --git a/src/lib/crypto/keyhash_provider/Makefile.in b/src/lib/crypto/keyhash_provider/Makefile.in
index 21d95bcc5..4a232ca63 100644
--- a/src/lib/crypto/keyhash_provider/Makefile.in
+++ b/src/lib/crypto/keyhash_provider/Makefile.in
@@ -16,11 +16,11 @@ PROG_RPATH=$(KRB5_LIBDIR)
 
 RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
 
-STLIBOBJS= descbc.o k5_md4des.o k5_md5des.o hmac_md5.o
+STLIBOBJS= descbc.o k5_md4des.o k5_md5des.o hmac_md5.o md5_hmac.o
 
-OBJS= $(OUTPRE)descbc.$(OBJEXT) $(OUTPRE)k5_md4des.$(OBJEXT) $(OUTPRE)k5_md5des.$(OBJEXT) $(OUTPRE)hmac_md5.$(OBJEXT)
+OBJS= $(OUTPRE)descbc.$(OBJEXT) $(OUTPRE)k5_md4des.$(OBJEXT) $(OUTPRE)k5_md5des.$(OBJEXT) $(OUTPRE)hmac_md5.$(OBJEXT) $(OUTPRE)md5_hmac.$(OBJEXT)
 
-SRCS= $(srcdir)/descbc.c $(srcdir)/k5_md4des.c $(srcdir)/k5_md5des.c $(srcdir)/hmac_md5.c
+SRCS= $(srcdir)/descbc.c $(srcdir)/k5_md4des.c $(srcdir)/k5_md5des.c $(srcdir)/hmac_md5.c $(srcdir)/md5_hmac.c
 
 ##DOS##LIBOBJS = $(OBJS)
 
@@ -104,3 +104,15 @@ hmac_md5.so hmac_md5.po $(OUTPRE)hmac_md5.$(OBJEXT): \
   $(srcdir)/../arcfour/arcfour-int.h $(srcdir)/../arcfour/arcfour.h \
   $(srcdir)/../hash_provider/hash_provider.h $(srcdir)/../md5/rsa-md5.h \
   hmac_md5.c keyhash_provider.h
+md5_hmac.so md5_hmac.po $(OUTPRE)md5_hmac.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
+  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
+  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(srcdir)/../arcfour/arcfour-int.h \
+  $(srcdir)/../arcfour/arcfour.h $(srcdir)/../hash_provider/hash_provider.h \
+  $(srcdir)/../md5/rsa-md5.h keyhash_provider.h md5_hmac.c
diff --git a/src/lib/crypto/keyhash_provider/keyhash_provider.h b/src/lib/crypto/keyhash_provider/keyhash_provider.h
index 6a96faf8f..8ac91e19d 100644
--- a/src/lib/crypto/keyhash_provider/keyhash_provider.h
+++ b/src/lib/crypto/keyhash_provider/keyhash_provider.h
@@ -30,3 +30,6 @@ extern const struct krb5_keyhash_provider krb5int_keyhash_descbc;
 extern const struct krb5_keyhash_provider krb5int_keyhash_md4des;
 extern const struct krb5_keyhash_provider krb5int_keyhash_md5des;
 extern const struct krb5_keyhash_provider krb5int_keyhash_hmac_md5;
+extern const struct krb5_keyhash_provider krb5int_keyhash_md5_hmac;
+extern const struct krb5_keyhash_provider krb5int_keyhash_aescbc_128;
+extern const struct krb5_keyhash_provider krb5int_keyhash_aescbc_256;
diff --git a/src/lib/crypto/keyhash_provider/md5_hmac.c b/src/lib/crypto/keyhash_provider/md5_hmac.c
new file mode 100644
index 000000000..8c2591588
--- /dev/null
+++ b/src/lib/crypto/keyhash_provider/md5_hmac.c
@@ -0,0 +1,68 @@
+/*
+ * lib/crypto/keyhash_provider/md5_hmac.c
+ *
+ * Copyright2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ * Implementation of Microsoft KERB_CHECKSUM_MD5_HMAC
+ */
+
+#include "k5-int.h"
+#include "keyhash_provider.h"
+#include "arcfour-int.h"
+#include "rsa-md5.h"
+#include "hash_provider.h"
+
+static  krb5_error_code
+k5_md5_hmac_hash (const krb5_keyblock *key, krb5_keyusage usage,
+		  const krb5_data *iv,
+		  const krb5_data *input, krb5_data *output)
+{
+  krb5_keyusage ms_usage;
+  krb5_MD5_CTX ctx;
+  unsigned char t[4];
+  krb5_data ds;
+
+  krb5_MD5Init(&ctx);
+
+  ms_usage = krb5int_arcfour_translate_usage (usage);
+  t[0] = (ms_usage >>  0) & 0xff;
+  t[1] = (ms_usage >>  8) & 0xff;
+  t[2] = (ms_usage >> 16) & 0xff;
+  t[3] = (ms_usage >> 24) & 0xff;
+
+  krb5_MD5Update(&ctx, t, sizeof(t));
+  krb5_MD5Update(&ctx, (unsigned char *)input->data, input->length);
+  krb5_MD5Final(&ctx);
+
+  ds.length = 16;
+  ds.data = (char *)ctx.digest;
+
+  return krb5_hmac ( &krb5int_hash_md5, key, 1, &ds, output);
+}
+
+const struct krb5_keyhash_provider krb5int_keyhash_md5_hmac = {
+  16,
+  k5_md5_hmac_hash,
+  NULL /*checksum  again*/
+};
+