Permalink
Browse files

Add NSS as a crypto provider.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8-nss@24212 dc483132-0cff-0310-8789-dd5450dbe970
  • Loading branch information...
relyea
relyea committed Jul 26, 2010
1 parent 4a8302a commit 2d798bc1868471fca196e8ab193f2ee5d61bbe8f
Showing with 3,664 additions and 1 deletion.
  1. +22 −0 src/configure.in
  2. +1 −1 src/lib/crypto/Makefile.in
  3. +81 −0 src/lib/crypto/crypto_tests/t_encrypt.c
  4. +134 −0 src/lib/crypto/nss/Makefile.in
  5. +40 −0 src/lib/crypto/nss/aes/Makefile.in
  6. +1 −0 src/lib/crypto/nss/aes/deps
  7. +25 −0 src/lib/crypto/nss/deps
  8. +49 −0 src/lib/crypto/nss/des/Makefile.in
  9. +47 −0 src/lib/crypto/nss/des/deps
  10. +188 −0 src/lib/crypto/nss/des/des_int.h
  11. +55 −0 src/lib/crypto/nss/des/des_oldapis.c
  12. +56 −0 src/lib/crypto/nss/des/f_parity.c
  13. +85 −0 src/lib/crypto/nss/des/string2key.c
  14. +83 −0 src/lib/crypto/nss/des/weak_key.c
  15. +51 −0 src/lib/crypto/nss/enc_provider/Makefile.in
  16. +101 −0 src/lib/crypto/nss/enc_provider/aes.c
  17. 0 src/lib/crypto/nss/enc_provider/deps
  18. +100 −0 src/lib/crypto/nss/enc_provider/des.c
  19. +100 −0 src/lib/crypto/nss/enc_provider/des3.c
  20. +654 −0 src/lib/crypto/nss/enc_provider/enc_gen.c
  21. +35 −0 src/lib/crypto/nss/enc_provider/enc_provider.h
  22. +109 −0 src/lib/crypto/nss/enc_provider/rc4.c
  23. +46 −0 src/lib/crypto/nss/hash_provider/Makefile.in
  24. +52 −0 src/lib/crypto/nss/hash_provider/deps
  25. +58 −0 src/lib/crypto/nss/hash_provider/hash_crc32.c
  26. +64 −0 src/lib/crypto/nss/hash_provider/hash_gen.c
  27. +33 −0 src/lib/crypto/nss/hash_provider/hash_gen.h
  28. +63 −0 src/lib/crypto/nss/hash_provider/hash_md4.c
  29. +43 −0 src/lib/crypto/nss/hash_provider/hash_md5.c
  30. +32 −0 src/lib/crypto/nss/hash_provider/hash_provider.h
  31. +43 −0 src/lib/crypto/nss/hash_provider/hash_sha1.c
  32. +193 −0 src/lib/crypto/nss/hmac.c
  33. +3 −0 src/lib/crypto/nss/md4/ISSUES
  34. +37 −0 src/lib/crypto/nss/md4/Makefile.in
  35. +13 −0 src/lib/crypto/nss/md4/deps
  36. +247 −0 src/lib/crypto/nss/md4/md4.c
  37. +95 −0 src/lib/crypto/nss/md4/rsa-md4.h
  38. +37 −0 src/lib/crypto/nss/md5/Makefile.in
  39. +14 −0 src/lib/crypto/nss/md5/deps
  40. +81 −0 src/lib/crypto/nss/md5/md5.c
  41. +88 −0 src/lib/crypto/nss/md5/rsa-md5.h
  42. +97 −0 src/lib/crypto/nss/nss_gen.h
  43. +117 −0 src/lib/crypto/nss/pbkdf2.c
  44. +32 −0 src/lib/crypto/nss/sha1/Makefile.in
  45. +14 −0 src/lib/crypto/nss/sha1/deps
  46. +71 −0 src/lib/crypto/nss/sha1/shs.c
  47. +45 −0 src/lib/crypto/nss/sha1/shs.h
  48. +29 −0 src/lib/crypto/nss/yhash.h
View
@@ -125,6 +125,28 @@ AC_MSG_RESULT("k5crypto will use \'$withval\'")
], withval=builtin)
AC_CONFIG_COMMANDS(CRYPTO_IMPL, , CRYPTO_IMPL=$CRYPTO_IMPL)
AC_SUBST(CRYPTO_IMPL)
+#PKG_CHECK_MODULES(CRYPTO_IMPL, $CRYPTO_IMPL, [ withval != builtin ], )
+case "$withval" in
+openssl)
+ AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
+ CRYPTO_IMPL_LIBS=
+ CRYPTO_IMPL_CFLAGS=
+ ;;
+builtin)
+ CRYPTO_IMPL_LIBS=
+ CRYPTO_IMPL_CFLAGS=
+ ;;
+nss)
+ CRYPTO_IMPL_CFLAGS=`pkg-config --cflags $CRYPTO_IMPL`
+ CRYPTO_IMPL_LIBS="-lnss3 $(pkg-config --libs nss-util)"
+ ;;
+*)
+ CRYPTO_IMPL_CFLAGS=`pkg-config --cflags $CRYPTO_IMPL`
+ CRYPTO_IMPL_LIBS=`pkg-config --libs $CRYPTO_IMPL`
+ ;;
+esac
+AC_SUBST(CRYPTO_IMPL_CFLAGS)
+AC_SUBST(CRYPTO_IMPL_LIBS)
# --with-kdc-kdb-update makes the KDC update the database with last request
# information and failure information.
@@ -38,7 +38,7 @@ SUBDIROBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST @CRYPTO_IMPL@/enc_provider/OBJS.
# link editor and loader support it.
DEPLIBS=
SHLIB_DIRS=-L$(TOPLIBD)
-SHLIB_EXPLIBS= $(SUPPORT_LIB) @CRYPTO_LIBS@ $(LIBS)
+SHLIB_EXPLIBS= $(SUPPORT_LIB) @CRYPTO_LIBS@ @CRYPTO_IMPL_LIBS@ $(LIBS)
SHLIB_EXPDEPLIBS= $(SUPPORT_DEPLIB)
SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@
SHLIB_LIBDIRS= @SHLIB_LIBDIRS@
@@ -75,6 +75,79 @@ static int compare_results(krb5_data *d1, krb5_data *d2)
return 0;
}
+
+static void dump_data(const char *label, const krb5_data *d)
+{
+ int need_terminate = 0;
+ unsigned int i;
+
+ /* magic */
+ if (label) printf("------------- %s ------------\n",label);
+ for (i=0; i < d->length; i++) {
+ need_terminate = 1;
+ printf(" %02x",(unsigned char )d->data[i]);
+ if ((i & 0xf) == 0xf) {
+ printf("\n");
+ need_terminate = 0;
+ }
+ }
+ if (need_terminate) printf("\n");
+ printf("-------------------------------\n");
+}
+
+
+static void dump_encdata(const char *label, const krb5_enc_data *encData)
+{
+ /* magic, enctype, kvno */
+ dump_data(label, &encData->ciphertext);
+}
+
+static void dump_keyblock(const char *label, const krb5_keyblock *keyblock)
+{
+ krb5_data d;
+ /* magic, enctype */
+ d.data = (char *)keyblock->contents;
+ d.length = keyblock->length;
+ dump_data(label, &d);
+}
+
+
+static char *iov_flag_string(krb5_cryptotype flag)
+{
+ switch (flag) {
+ case KRB5_CRYPTO_TYPE_EMPTY:
+ return "KRB5_CRYPTO_TYPE_EMPTY";
+ case KRB5_CRYPTO_TYPE_HEADER:
+ return "KRB5_CRYPTO_TYPE_HEADER";
+ case KRB5_CRYPTO_TYPE_DATA:
+ return "KRB5_CRYPTO_TYPE_DATA";
+ case KRB5_CRYPTO_TYPE_SIGN_ONLY:
+ return "KRB5_CRYPTO_TYPE_SIGN_ONLY";
+ case KRB5_CRYPTO_TYPE_PADDING:
+ return "KRB5_CRYPTO_TYPE_PADDING";
+ case KRB5_CRYPTO_TYPE_TRAILER:
+ return "KRB5_CRYPTO_TYPE_TRAILER";
+ case KRB5_CRYPTO_TYPE_CHECKSUM:
+ return "KRB5_CRYPTO_TYPE_CHECKSUM";
+ case KRB5_CRYPTO_TYPE_STREAM:
+ return "KRB5_CRYPTO_TYPE_STREAM";
+ default:
+ break;
+ }
+ return "Unknown!!";
+}
+
+static void dump_iov(const char *label, const krb5_crypto_iov *iov, int count)
+{
+ int i;
+ if(label) printf("************* %s ************\n",label);
+ printf(" %d elements\n", count);
+ for (i=0; i < count; i++) {
+ dump_data(iov_flag_string(iov[i].flags), &iov[i].data);
+ }
+}
+
+
int
main ()
{
@@ -121,6 +194,7 @@ main ()
krb5_init_keyblock (context, enctype, 0, &keyblock));
test ("Generating random keyblock",
krb5_c_make_random_key (context, enctype, keyblock));
+ dump_keyblock("Keyblock", keyblock);
test ("Creating opaque key from keyblock",
krb5_k_create_key (context, keyblock, &key));
@@ -134,6 +208,7 @@ main ()
/* Encrypt, decrypt, and see if we got the plaintext back again. */
test ("Encrypting (c)",
krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out));
+ dump_encdata("Encrypt_c out", &enc_out);
test ("Decrypting",
krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check));
test ("Comparing", compare_results (&in, &check));
@@ -142,6 +217,7 @@ main ()
memset(out.data, 0, out.length);
test ("Encrypting (k)",
krb5_k_encrypt (context, key, 7, 0, &in, &enc_out));
+ dump_encdata("Encrypt_k out", &enc_out);
test ("Decrypting",
krb5_k_decrypt (context, key, 7, 0, &enc_out, &check));
test ("Comparing", compare_results (&in, &check));
@@ -196,6 +272,7 @@ main ()
/* Encrypt and decrypt in place, and check the result. */
test("iov encrypting (c)",
krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5));
+ dump_iov("Encrypt_c iov", iov, 5);
assert(iov[1].data.length == in.length);
test("iov decrypting",
krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5));
@@ -206,6 +283,7 @@ main ()
test("iov encrypting (k)",
krb5_k_encrypt_iov(context, key, 7, 0, iov, 5));
assert(iov[1].data.length == in.length);
+ dump_iov("Encrypt_k iov", iov, 5);
test("iov decrypting",
krb5_k_decrypt_iov(context, key, 7, 0, iov, 5));
test("Comparing results",
@@ -219,8 +297,10 @@ main ()
krb5_c_init_state (context, keyblock, 7, &state));
test ("Encrypting with state",
krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out));
+ dump_encdata("Encrypt_c state", &enc_out);
test ("Encrypting again with state",
krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2));
+ dump_encdata("Encrypt_c state2", &enc_out2);
test ("free_state",
krb5_c_free_state (context, keyblock, &state));
test ("init_state",
@@ -251,6 +331,7 @@ main ()
check.length = 2048;
test ("Encrypting with RC4 key usage 8",
krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out));
+ dump_encdata("Encrypt rc4 fallback", &enc_out);
test ("Decrypting with RC4 key usage 9",
krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check));
test ("Comparing", compare_results (&in, &check));
@@ -0,0 +1,134 @@
+mydir=lib/crypto/nss
+BUILDTOP=$(REL)..$(S)..$(S)..
+SUBDIRS=des aes md4 md5 sha1 enc_provider hash_provider
+LOCALINCLUDES = -I$(srcdir)/../krb \
+ -I$(srcdir)/../krb/hash_provider \
+ -I$(srcdir)/des \
+ -I$(srcdir)/aes \
+ -I$(srcdir)/sha1 \
+ -I$(srcdir)/md4 \
+ -I$(srcdir)/md5 \
+ -I$(srcdir)/enc_provider \
+ -I$(srcdir)/hash_provider \
+ @CRYPTO_IMPL_CFLAGS@
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+DEFS=
+
+##DOSBUILDTOP = ..\..\..
+##DOSLIBNAME=$(OUTPRE)crypto.lib
+##DOSOBJFILE=$(OUTPRE)crypto.lst
+##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)kh_pro.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst
+##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)kh_pro.lst $(OUTPRE)aes.lst
+
+STLIBOBJS=\
+ hmac.o \
+ pbkdf2.o
+
+OBJS=\
+ $(OUTPRE)hmac.$(OBJEXT) \
+ $(OUTPRE)pbkdf2.$(OBJEXT)
+
+SRCS=\
+ $(srcdir)/hmac.c \
+ $(srcdir)/pbkdf2.c
+
+STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
+ md5/OBJS.ST sha1/OBJS.ST \
+ enc_provider/OBJS.ST \
+ hash_provider/OBJS.ST \
+ aes/OBJS.ST \
+ OBJS.ST
+
+SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \
+ md5/OBJS.ST sha1/OBJS.ST \
+ enc_provider/OBJS.ST \
+ hash_provider/OBJS.ST \
+ aes/OBJS.ST
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+includes:: depend
+
+depend:: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+all-windows::
+ cd ..\des
+ @echo Making in crypto\des
+ $(MAKE) -$(MFLAGS)
+ cd ..\md4
+ @echo Making in crypto\md4
+ $(MAKE) -$(MFLAGS)
+ cd ..\md5
+ @echo Making in crypto\md5
+ $(MAKE) -$(MFLAGS)
+ cd ..\sha1
+ @echo Making in crypto\sha1
+ $(MAKE) -$(MFLAGS)
+ cd ..\hash_provider
+ @echo Making in crypto\hash_provider
+ $(MAKE) -$(MFLAGS)
+ cd ..\enc_provider
+ @echo Making in crypto\enc_provider
+ $(MAKE) -$(MFLAGS)
+ cd ..\aes
+ @echo Making in crypto\aes
+ $(MAKE) -$(MFLAGS)
+ cd ..
+
+clean-windows::
+ cd ..\des
+ @echo Making clean in crypto\des
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\md4
+ @echo Making clean in crypto\md4
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\md5
+ @echo Making clean in crypto\md5
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\sha1
+ @echo Making clean in crypto\sha1
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\hash_provider
+ @echo Making clean in crypto\hash_provider
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\enc_provider
+ @echo Making clean in crypto\enc_provider
+ $(MAKE) -$(MFLAGS) clean
+ cd ..\aes
+ @echo Making clean in crypto\aes
+ $(MAKE) -$(MFLAGS) clean
+ cd ..
+
+check-windows::
+ cd ..\des
+ @echo Making check in crypto\des
+ $(MAKE) -$(MFLAGS) check
+ cd ..\md4
+ @echo Making check in crypto\md4
+ $(MAKE) -$(MFLAGS) check
+ cd ..\md5
+ @echo Making check in crypto\md5
+ $(MAKE) -$(MFLAGS) check
+ cd ..\sha1
+ @echo Making check in crypto\sha1
+ $(MAKE) -$(MFLAGS) check
+ cd ..\hash_provider
+ @echo Making check in crypto\hash_provider
+ $(MAKE) -$(MFLAGS) check
+ cd ..\enc_provider
+ @echo Making check in crypto\enc_provider
+ $(MAKE) -$(MFLAGS) check
+ cd ..\aes
+ @echo Making check in crypto\aes
+ $(MAKE) -$(MFLAGS) check
+ cd ..
+
+
+@lib_frag@
+@libobj_frag@
+
@@ -0,0 +1,40 @@
+# Nothing here! But we can't remove this directory as the build
+# system currently assumes that all modules have the same directory
+# structure.
+
+mydir=lib/crypto/nss/aes
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb/dk -I$(srcdir)/../../../../include
+DEFS=
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=aes
+##DOS##OBJFILE=..\$(OUTPRE)aes.lst
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+STLIBOBJS=
+
+OBJS=
+
+SRCS=
+
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+includes:: depend
+
+depend:: $(SRCS)
+
+check::
+
+
+clean-unix:: clean-libobjs
+
+clean::
+
+@libobj_frag@
+
@@ -0,0 +1 @@
+# No dependencies here.
View
@@ -0,0 +1,25 @@
+#
+# Generated makefile dependencies follow.
+#
+hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h $(srcdir)/hmac.c \
+ $(srcdir)/../krb/aead.h $(srcdir)/../krb/cksumtypes.h
+pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h $(srcdir)/hash_provider/hash_provider.h \
+ $(srcdir)/pbkdf2.c
Oops, something went wrong.

0 comments on commit 2d798bc

Please sign in to comment.