Print this page
5218 posix definition of NULL
correct unistd.h and iso/stddef_iso.h
update gate source affected
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/gssapi/mechs/krb5/crypto/etypes.c
+++ new/usr/src/uts/common/gssapi/mechs/krb5/crypto/etypes.c
1 1 /*
2 2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
3 3 * Use is subject to license terms.
4 4 */
5 5
6 6
7 7 /*
8 8 * Copyright (C) 1998 by the FundsXpress, INC.
9 9 *
10 10 * All rights reserved.
11 11 *
12 12 * Export of this software from the United States of America may require
13 13 * a specific license from the United States Government. It is the
14 14 * responsibility of any person or organization contemplating export to
15 15 * obtain such a license before exporting.
16 16 *
17 17 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
18 18 * distribute this software and its documentation for any purpose and
19 19 * without fee is hereby granted, provided that the above copyright
20 20 * notice appear in all copies and that both that copyright notice and
21 21 * this permission notice appear in supporting documentation, and that
22 22 * the name of FundsXpress. not be used in advertising or publicity pertaining
23 23 * to distribution of the software without specific, written prior
24 24 * permission. FundsXpress makes no representations about the suitability of
25 25 * this software for any purpose. It is provided "as is" without express
26 26 * or implied warranty.
27 27 *
28 28 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
29 29 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
30 30 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
31 31 */
32 32
33 33 #ifdef _KERNEL
34 34 /* Solaris Kerberos:
35 35 * we don't provide these functions to the kernel
36 36 */
37 37 #define krb5int_des_string_to_key NULL
38 38 #define krb5_dk_string_to_key NULL
39 39 #define krb5int_arcfour_string_to_key NULL
40 40 #endif /* _KERNEL */
41 41
42 42 #include <k5-int.h>
43 43 #include <enc_provider.h>
44 44 #include <hash_provider.h>
45 45 #include <etypes.h>
46 46 #include <old.h>
47 47 #include <raw.h>
48 48
49 49 #include <dk.h>
50 50 #include <arcfour.h>
51 51
52 52 /* these will be linear searched. if they ever get big, a binary
53 53 search or hash table would be better, which means these would need
54 54 to be sorted. An array would be more efficient, but that assumes
55 55 that the keytypes are all near each other. I'd rather not make
56 56 that assumption. */
57 57
58 58 struct krb5_keytypes krb5_enctypes_list[] = {
59 59 { ENCTYPE_DES_CBC_CRC,
60 60 "des-cbc-crc", "DES cbc mode with CRC-32",
61 61 &krb5int_enc_des, &krb5int_hash_crc32,
62 62 krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
63 63 CKSUMTYPE_RSA_MD5,
64 64 #ifndef _KERNEL
65 65 krb5int_des_string_to_key,
66 66 #else
67 67 SUN_CKM_DES_CBC,
68 68 NULL,
69 69 CRYPTO_MECH_INVALID,
70 70 CRYPTO_MECH_INVALID
71 71 #endif /* !_KERNEL */
72 72 },
73 73 { ENCTYPE_DES_CBC_MD5,
74 74 "des-cbc-md5", "DES cbc mode with RSA-MD5",
75 75 &krb5int_enc_des, &krb5int_hash_md5,
76 76 krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
77 77 CKSUMTYPE_RSA_MD5,
78 78 #ifndef _KERNEL
79 79 krb5int_des_string_to_key,
80 80 #else
81 81 SUN_CKM_DES_CBC,
82 82 SUN_CKM_MD5,
83 83 CRYPTO_MECH_INVALID,
84 84 CRYPTO_MECH_INVALID
85 85 #endif /* !_KERNEL */
86 86 },
87 87 { ENCTYPE_DES_CBC_MD5,
88 88 "des", "DES cbc mode with RSA-MD5", /* alias */
89 89 &krb5int_enc_des, &krb5int_hash_md5,
90 90 krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
91 91 CKSUMTYPE_RSA_MD5,
92 92 #ifndef _KERNEL
93 93 krb5int_des_string_to_key,
|
↓ open down ↓ |
93 lines elided |
↑ open up ↑ |
94 94 #else
95 95 SUN_CKM_DES_CBC,
96 96 SUN_CKM_MD5,
97 97 CRYPTO_MECH_INVALID,
98 98 CRYPTO_MECH_INVALID
99 99 #endif /* _KERNEL */
100 100 },
101 101 { ENCTYPE_DES_CBC_RAW,
102 102 "des-cbc-raw", "DES cbc mode raw",
103 103 &krb5int_enc_des, NULL,
104 - krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
105 - NULL,
104 + krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt, 0,
106 105 #ifndef _KERNEL
107 106 krb5int_des_string_to_key,
108 107 #else
109 108 SUN_CKM_DES_CBC,
110 109 NULL,
111 110 CRYPTO_MECH_INVALID,
112 111 CRYPTO_MECH_INVALID
113 112 #endif /* !_KERNEL */
114 113 },
115 114
116 115 { ENCTYPE_DES3_CBC_RAW,
117 116 "des3-cbc-raw", "Triple DES cbc mode raw",
118 117 &krb5int_enc_des3, NULL,
119 - krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
120 - NULL,
118 + krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt, 0,
121 119 #ifndef _KERNEL
122 120 krb5int_dk_string_to_key,
123 121 #else
124 122 SUN_CKM_DES3_CBC,
125 123 NULL,
126 124 CRYPTO_MECH_INVALID,
127 125 CRYPTO_MECH_INVALID
128 126 #endif /* !_KERNEL */
129 127 },
130 128
131 129 { ENCTYPE_DES3_CBC_SHA1,
132 130 "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
133 131 &krb5int_enc_des3, &krb5int_hash_sha1,
134 132 krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
135 133 CKSUMTYPE_HMAC_SHA1_DES3,
136 134 #ifndef _KERNEL
137 135 krb5int_dk_string_to_key,
138 136 #else
139 137 SUN_CKM_DES3_CBC,
140 138 SUN_CKM_SHA1_HMAC,
141 139 CRYPTO_MECH_INVALID,
142 140 CRYPTO_MECH_INVALID
143 141 #endif
144 142 },
145 143 { ENCTYPE_DES3_CBC_SHA1, /* alias */
146 144 "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
147 145 &krb5int_enc_des3, &krb5int_hash_sha1,
148 146 krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
149 147 CKSUMTYPE_HMAC_SHA1_DES3,
150 148 #ifndef _KERNEL
151 149 krb5int_dk_string_to_key,
152 150 #else
153 151 SUN_CKM_DES3_CBC,
154 152 SUN_CKM_SHA1_HMAC,
155 153 CRYPTO_MECH_INVALID,
156 154 CRYPTO_MECH_INVALID
157 155 #endif /* !_KERNEL */
158 156 },
159 157 { ENCTYPE_DES3_CBC_SHA1, /* alias */
160 158 "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
161 159 &krb5int_enc_des3, &krb5int_hash_sha1,
162 160 krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
163 161 CKSUMTYPE_HMAC_SHA1_DES3,
164 162 #ifndef _KERNEL
165 163 krb5int_dk_string_to_key,
166 164 #else
167 165 SUN_CKM_DES3_CBC,
168 166 SUN_CKM_SHA1_HMAC,
169 167 CRYPTO_MECH_INVALID,
170 168 CRYPTO_MECH_INVALID
171 169 #endif /* !_KERNEL */
172 170 },
173 171 /* The des3-cbc-hmac-sha1-kd is the official enctype associated with
174 172 * 3DES/SHA1 in draft-ietf-krb-wg-crypto-00.txt
175 173 */
176 174 { ENCTYPE_DES3_CBC_SHA1, /* alias */
177 175 "des3-cbc-hmac-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
178 176 &krb5int_enc_des3, &krb5int_hash_sha1,
179 177 krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
180 178 CKSUMTYPE_HMAC_SHA1_DES3,
181 179 #ifndef _KERNEL
182 180 krb5int_dk_string_to_key,
183 181 #else
|
↓ open down ↓ |
53 lines elided |
↑ open up ↑ |
184 182 SUN_CKM_DES3_CBC,
185 183 SUN_CKM_SHA1_HMAC,
186 184 CRYPTO_MECH_INVALID,
187 185 CRYPTO_MECH_INVALID
188 186 #endif /* !_KERNEL */
189 187 },
190 188
191 189 { ENCTYPE_DES_HMAC_SHA1,
192 190 "des-hmac-sha1", "DES with HMAC/sha1",
193 191 &krb5int_enc_des, &krb5int_hash_sha1,
194 - krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
195 - NULL,
192 + krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, 0,
196 193 #ifndef _KERNEL
197 194 krb5int_dk_string_to_key,
198 195 #else
199 196 SUN_CKM_DES_CBC,
200 197 SUN_CKM_SHA1_HMAC,
201 198 CRYPTO_MECH_INVALID,
202 199 CRYPTO_MECH_INVALID
203 200 #endif /* !_KERNEL */
204 201 },
205 202 { ENCTYPE_ARCFOUR_HMAC,
206 203 "arcfour-hmac","ArcFour with HMAC/md5", &krb5int_enc_arcfour,
207 204 &krb5int_hash_md5,
208 205 krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
209 206 krb5_arcfour_decrypt,
210 207 CKSUMTYPE_HMAC_MD5_ARCFOUR,
211 208 #ifndef _KERNEL
212 209 krb5int_arcfour_string_to_key,
213 210 #else
214 211 SUN_CKM_RC4,
215 212 SUN_CKM_MD5_HMAC,
216 213 CRYPTO_MECH_INVALID,
217 214 CRYPTO_MECH_INVALID
218 215 #endif /* !_KERNEL */
219 216 },
220 217 { ENCTYPE_ARCFOUR_HMAC, /* alias */
221 218 "rc4-hmac", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
222 219 &krb5int_hash_md5,
223 220 krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
224 221 krb5_arcfour_decrypt,
225 222 CKSUMTYPE_HMAC_MD5_ARCFOUR,
226 223 #ifndef _KERNEL
227 224 krb5int_arcfour_string_to_key,
228 225 #else
229 226 SUN_CKM_RC4,
230 227 SUN_CKM_MD5_HMAC,
231 228 CRYPTO_MECH_INVALID,
232 229 CRYPTO_MECH_INVALID
233 230 #endif /* !_KERNEL */
234 231 },
235 232 { ENCTYPE_ARCFOUR_HMAC, /* alias */
236 233 "arcfour-hmac-md5", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
237 234 &krb5int_hash_md5,
238 235 krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
239 236 krb5_arcfour_decrypt,
240 237 CKSUMTYPE_HMAC_MD5_ARCFOUR,
241 238 #ifndef _KERNEL
242 239 krb5int_arcfour_string_to_key,
243 240 #else
244 241 SUN_CKM_RC4,
245 242 SUN_CKM_MD5_HMAC,
246 243 CRYPTO_MECH_INVALID,
247 244 CRYPTO_MECH_INVALID
248 245 #endif /* !_KERNEL */
249 246 },
250 247 { ENCTYPE_ARCFOUR_HMAC_EXP,
251 248 "arcfour-hmac-exp", "Exportable ArcFour with HMAC/md5",
252 249 &krb5int_enc_arcfour,
253 250 &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
254 251 krb5_arcfour_decrypt,
255 252 CKSUMTYPE_HMAC_MD5_ARCFOUR,
256 253 #ifndef _KERNEL
257 254 krb5int_arcfour_string_to_key,
258 255 #else
259 256 SUN_CKM_RC4,
260 257 SUN_CKM_MD5_HMAC,
261 258 CRYPTO_MECH_INVALID,
262 259 CRYPTO_MECH_INVALID
263 260 #endif /* !_KERNEL */
264 261 },
265 262 { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
266 263 "rc4-hmac-exp", "Exportable ArcFour with HMAC/md5",
267 264 &krb5int_enc_arcfour,
268 265 &krb5int_hash_md5,
269 266 krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
270 267 krb5_arcfour_decrypt,
271 268 CKSUMTYPE_HMAC_MD5_ARCFOUR,
272 269 #ifndef _KERNEL
273 270 krb5int_arcfour_string_to_key,
274 271 #else
275 272 SUN_CKM_RC4,
276 273 SUN_CKM_MD5_HMAC,
277 274 CRYPTO_MECH_INVALID,
278 275 CRYPTO_MECH_INVALID
279 276 #endif /* !_KERNEL */
280 277 },
281 278 { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
282 279 "arcfour-hmac-md5-exp", "Exportable ArcFour with HMAC/md5",
283 280 &krb5int_enc_arcfour,
284 281 &krb5int_hash_md5,
285 282 krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
286 283 krb5_arcfour_decrypt,
287 284 CKSUMTYPE_HMAC_MD5_ARCFOUR,
288 285 #ifndef _KERNEL
289 286 krb5int_arcfour_string_to_key,
290 287 #else
291 288 SUN_CKM_RC4,
292 289 SUN_CKM_MD5_HMAC,
293 290 CRYPTO_MECH_INVALID,
294 291 CRYPTO_MECH_INVALID
295 292 #endif /* !_KERNEL */
296 293 },
297 294
298 295 /*
299 296 * Note, all AES enctypes must use SUN_CKM_AES_CBC. See aes_provider.c for
300 297 * more info.
301 298 */
302 299 { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
303 300 "aes128-cts-hmac-sha1-96", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
304 301 &krb5int_enc_aes128, &krb5int_hash_sha1,
305 302 krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
306 303 CKSUMTYPE_HMAC_SHA1_96_AES128,
307 304 #ifndef _KERNEL
308 305 krb5int_aes_string_to_key,
309 306 #else
310 307 SUN_CKM_AES_CBC,
311 308 SUN_CKM_SHA1_HMAC,
312 309 CRYPTO_MECH_INVALID,
313 310 CRYPTO_MECH_INVALID
314 311 #endif /* !_KERNEL */
315 312 },
316 313 { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
317 314 "aes128-cts", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
318 315 &krb5int_enc_aes128, &krb5int_hash_sha1,
319 316 krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
320 317 CKSUMTYPE_HMAC_SHA1_96_AES128,
321 318 #ifndef _KERNEL
322 319 krb5int_aes_string_to_key,
323 320 #else
324 321 SUN_CKM_AES_CBC,
325 322 SUN_CKM_SHA1_HMAC,
326 323 CRYPTO_MECH_INVALID,
327 324 CRYPTO_MECH_INVALID
328 325 #endif /* !_KERNEL */
329 326 },
330 327 { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
331 328 "aes256-cts-hmac-sha1-96", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
332 329 &krb5int_enc_aes256, &krb5int_hash_sha1,
333 330 krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
334 331 CKSUMTYPE_HMAC_SHA1_96_AES256,
335 332 #ifndef _KERNEL
336 333 krb5int_aes_string_to_key,
337 334 #else
338 335 SUN_CKM_AES_CBC,
339 336 SUN_CKM_SHA1_HMAC,
340 337 CRYPTO_MECH_INVALID,
341 338 CRYPTO_MECH_INVALID
342 339 #endif /* !_KERNEL */
343 340 },
344 341 { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
345 342 "aes256-cts", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
346 343 &krb5int_enc_aes256, &krb5int_hash_sha1,
347 344 krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
348 345 CKSUMTYPE_HMAC_SHA1_96_AES256,
349 346 #ifndef _KERNEL
350 347 krb5int_aes_string_to_key,
351 348 #else
352 349 SUN_CKM_AES_CBC,
353 350 SUN_CKM_SHA1_HMAC,
354 351 CRYPTO_MECH_INVALID,
355 352 CRYPTO_MECH_INVALID
356 353 #endif /* !_KERNEL */
357 354 },
358 355 };
359 356
360 357 const int krb5_enctypes_length =
361 358 sizeof(krb5_enctypes_list)/sizeof(struct krb5_keytypes);
362 359
363 360 #ifdef _KERNEL
364 361
365 362 /*
366 363 * Routine to pre-fetch the mechanism types from KEF so
367 364 * we dont keep doing this step later.
368 365 */
369 366 void
370 367 setup_kef_keytypes()
371 368 {
372 369 int i;
373 370 struct krb5_keytypes *kt;
374 371
375 372 for (i=0; i<krb5_enctypes_length; i++) {
376 373 kt = (struct krb5_keytypes *)&krb5_enctypes_list[i];
377 374 if (kt->kef_cipher_mt == CRYPTO_MECH_INVALID &&
378 375 kt->mt_e_name != NULL) {
379 376 krb5_enctypes_list[i].kef_cipher_mt =
380 377 crypto_mech2id(kt->mt_e_name);
381 378 }
382 379
383 380 if (kt->kef_hash_mt == CRYPTO_MECH_INVALID &&
384 381 kt->mt_h_name != NULL) {
385 382 krb5_enctypes_list[i].kef_hash_mt =
386 383 crypto_mech2id(kt->mt_h_name);
387 384 }
388 385 KRB5_LOG1(KRB5_INFO, "setup_kef_keytypes(): %s ==> %ld",
389 386 kt->mt_e_name,
390 387 (ulong_t) krb5_enctypes_list[i].kef_cipher_mt);
391 388 }
392 389 }
393 390
394 391 /*ARGSUSED*/
395 392 crypto_mech_type_t
396 393 get_cipher_mech_type(krb5_context context, krb5_keyblock *key)
397 394 {
398 395 int i;
399 396 struct krb5_keytypes *kt;
400 397
401 398 if (key == NULL)
402 399 return (CRYPTO_MECH_INVALID);
403 400
404 401 for (i=0; i<krb5_enctypes_length; i++) {
405 402 kt = (struct krb5_keytypes *)&krb5_enctypes_list[i];
406 403 if (kt->etype == key->enctype) {
407 404 KRB5_LOG1(KRB5_INFO, "get_cipher_mech_type() "
408 405 "found %s %ld",
409 406 kt->mt_e_name,
410 407 (ulong_t) kt->kef_cipher_mt);
411 408 return (kt->kef_cipher_mt);
412 409 }
413 410 }
414 411 return (CRYPTO_MECH_INVALID);
415 412 }
416 413
417 414 /*ARGSUSED*/
418 415 crypto_mech_type_t
419 416 get_hash_mech_type(krb5_context context, krb5_keyblock *key)
420 417 {
421 418 int i;
422 419 struct krb5_keytypes *kt;
423 420
424 421 if (key == NULL)
425 422 return (CRYPTO_MECH_INVALID);
426 423
427 424 for (i=0; i<krb5_enctypes_length; i++) {
428 425 kt = (struct krb5_keytypes *)&krb5_enctypes_list[i];
429 426 if (kt->etype == key->enctype) {
430 427 KRB5_LOG1(KRB5_INFO, "get_hash_mech_type() "
431 428 "found %s %ld",
432 429 kt->mt_h_name,
433 430 (ulong_t) kt->kef_hash_mt);
434 431 return (kt->kef_hash_mt);
435 432 }
436 433 }
437 434 return (CRYPTO_MECH_INVALID);
438 435 }
439 436
440 437 #endif /* _KERNEL */
|
↓ open down ↓ |
235 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX