From 8060a561db2689a60fa5f2fd1e961e7f384363ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sun, 24 Jul 2011 16:02:22 -0700
Subject: [PATCH] switch to KRB5_ENCTYPE
---
 lib/gssapi/krb5/arcfour.c | 4 ++--
 lib/gssapi/krb5/get_mic.c | 15 ++++++++-------
 lib/gssapi/krb5/test_cfx.c | 2 +-
 lib/gssapi/krb5/unwrap.c | 15 ++++++++-------
 lib/gssapi/krb5/verify_mic.c | 16 +++++++++-------
 lib/gssapi/krb5/wrap.c | 29 ++++++++++++++++-------------
 lib/krb5/aes-test.c | 2 +-
 lib/krb5/auth_context.c | 2 +-
 lib/krb5/crypto-aes.c | 4 ++--
 lib/krb5/crypto-arcfour.c | 2 +-
 lib/krb5/crypto-null.c | 2 +-
 lib/krb5/crypto.c | 6 +++---
 lib/krb5/deprecated.c | 14 +++++++-------
 lib/krb5/get_for_creds.c | 2 +-
 lib/krb5/init_creds_pw.c | 4 ++--
 lib/krb5/keyblock.c | 2 +-
 lib/krb5/krb5_auth_context.3 | 2 +-
 17 files changed, 65 insertions(+), 58 deletions(-)
diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
index 15b1b3434..f5e41e405 100644
--- a/lib/gssapi/krb5/arcfour.c
+++ b/lib/gssapi/krb5/arcfour.c
@@ -86,7 +86,7 @@ arcfour_mic_key(krb5_context context, krb5_keyblock *key, cksum_k5.checksum.data = k5_data; cksum_k5.checksum.length = sizeof(k5_data); - if (key->keytype == ENCTYPE_ARCFOUR_HMAC_MD5_56) { + if (key->keytype == KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56) { char L40[14] = "fortybits"; memcpy(L40 + 10, T, sizeof(T));
@@ -100,7 +100,7 @@ arcfour_mic_key(krb5_context context, krb5_keyblock *key, if (ret) return ret; - key5.keytype = ENCTYPE_ARCFOUR_HMAC_MD5; + key5.keytype = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5; key5.keyvalue = cksum_k5.checksum; cksum_k6.checksum.data = key6_data;
diff --git a/lib/gssapi/krb5/get_mic.c b/lib/gssapi/krb5/get_mic.c
index 0109ca7c6..d032d23d5 100644
--- a/lib/gssapi/krb5/get_mic.c
+++ b/lib/gssapi/krb5/get_mic.c
@@ -285,7 +285,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; krb5_keyblock *key; OM_uint32 ret; - krb5_keytype keytype; GSSAPI_KRB5_INIT (&context);
@@ -300,10 +299,11 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic *minor_status = ret; return GSS_S_FAILURE; } - krb5_enctype_to_keytype (context, key->keytype, &keytype); - switch (keytype) { - case KEYTYPE_DES : + switch (key->keytype) { + case KRB5_ENCTYPE_DES_CBC_CRC : + case KRB5_ENCTYPE_DES_CBC_MD4 : + case KRB5_ENCTYPE_DES_CBC_MD5 : #ifdef HEIM_WEAK_CRYPTO ret = mic_des (minor_status, ctx, context, qop_req, message_buffer, message_token, key);
@@ -311,12 +311,13 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic ret = GSS_S_FAILURE; #endif break; - case KEYTYPE_DES3 : + case KRB5_ENCTYPE_DES3_CBC_MD5 : + case KRB5_ENCTYPE_DES3_CBC_SHA1 : ret = mic_des3 (minor_status, ctx, context, qop_req, message_buffer, message_token, key); break; - case KEYTYPE_ARCFOUR: - case KEYTYPE_ARCFOUR_56: + case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5: + case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56: ret = _gssapi_get_mic_arcfour (minor_status, ctx, context, qop_req, message_buffer, message_token, key); break;
diff --git a/lib/gssapi/krb5/test_cfx.c b/lib/gssapi/krb5/test_cfx.c
index 0b196fcad..15f853c6b 100644
--- a/lib/gssapi/krb5/test_cfx.c
+++ b/lib/gssapi/krb5/test_cfx.c
@@ -148,7 +148,7 @@ main(int argc, char **argv) errx(1, "krb5_context_init: %d", ret); ret = krb5_generate_random_keyblock(context, - ENCTYPE_AES256_CTS_HMAC_SHA1_96, + KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96, &keyblock); if (ret) krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
index d6bc20477..b3da35ee9 100644
--- a/lib/gssapi/krb5/unwrap.c
+++ b/lib/gssapi/krb5/unwrap.c
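Review bot: The DES3 arm of the rewritten switch in `_gsskrb5_get_mic` (get_mic.c, hunk at -311) names only `KRB5_ENCTYPE_DES3_CBC_MD5` and `KRB5_ENCTYPE_DES3_CBC_SHA1`, so a context key whose enctype is `KRB5_ENCTYPE_OLD_DES3_CBC_SHA1` (which this same patch still handles in crypto.c and maps to "des3" in deprecated.c) no longer reaches `mic_des3`. The removed `krb5_enctype_to_keytype` call presumably folded every enctype of a family onto one keytype, so this may be a behaviour change rather than a pure rename; the same case lists appear in unwrap.c, verify_mic.c and both switches in wrap.c. Either add `case KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 :` to the DES3 arm or confirm that such a key can never be installed on a GSS context. The `default` arm lies outside these hunks, so also check that it fails with a GSS error rather than terminating the process when the negotiated enctype is one the switch does not list.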
@@ -392,7 +392,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap krb5_keyblock *key; krb5_context context; OM_uint32 ret; - krb5_keytype keytype; gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle; output_message_buffer->value = NULL;
@@ -414,12 +413,13 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap *minor_status = ret; return GSS_S_FAILURE; } - krb5_enctype_to_keytype (context, key->keytype, &keytype); *minor_status = 0; - switch (keytype) { - case KEYTYPE_DES : + switch (key->keytype) { + case KRB5_ENCTYPE_DES_CBC_CRC : + case KRB5_ENCTYPE_DES_CBC_MD4 : + case KRB5_ENCTYPE_DES_CBC_MD5 : #ifdef HEIM_WEAK_CRYPTO ret = unwrap_des (minor_status, ctx, input_message_buffer, output_message_buffer,
@@ -428,13 +428,14 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap ret = GSS_S_FAILURE; #endif break; - case KEYTYPE_DES3 : + case KRB5_ENCTYPE_DES3_CBC_MD5 : + case KRB5_ENCTYPE_DES3_CBC_SHA1 : ret = unwrap_des3 (minor_status, ctx, context, input_message_buffer, output_message_buffer, conf_state, qop_state, key); break; - case KEYTYPE_ARCFOUR: - case KEYTYPE_ARCFOUR_56: + case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5: + case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56: ret = _gssapi_unwrap_arcfour (minor_status, ctx, context, input_message_buffer, output_message_buffer, conf_state, qop_state, key);
diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c
index 3123787ff..af06e0a1e 100644
--- a/lib/gssapi/krb5/verify_mic.c
+++ b/lib/gssapi/krb5/verify_mic.c
@@ -281,7 +281,6 @@ _gsskrb5_verify_mic_internal { krb5_keyblock *key; OM_uint32 ret; - krb5_keytype keytype; if (ctx->more_flags & IS_CFX) return _gssapi_verify_mic_cfx (minor_status, ctx,
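Review bot: The `case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56:` label in `_gsskrb5_unwrap` (unwrap.c, hunk at -428) sits outside the `#ifdef HEIM_WEAK_CRYPTO` guard that the single-DES arm of the same switch uses, so tokens protected with the export-strength RC4 enctype are still processed in builds that compile weak crypto out. Now that the switch spells out individual enctypes this asymmetry is visible and should be either closed or documented: guard the label the way the DES arm is guarded, or add a comment such as `/* RC4-56 is deliberately not gated by HEIM_WEAK_CRYPTO */` with the reason. The same label appears ungated in get_mic.c, verify_mic.c and wrap.c. Whether a context can actually end up holding such a key depends on the enctype tables, which are not part of this diff.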
@@ -296,9 +295,11 @@ _gsskrb5_verify_mic_internal return GSS_S_FAILURE; } *minor_status = 0; - krb5_enctype_to_keytype (context, key->keytype, &keytype); - switch (keytype) { - case KEYTYPE_DES : + + switch (key->keytype) { + case KRB5_ENCTYPE_DES_CBC_CRC : + case KRB5_ENCTYPE_DES_CBC_MD4 : + case KRB5_ENCTYPE_DES_CBC_MD5 : #ifdef HEIM_WEAK_CRYPTO ret = verify_mic_des (minor_status, ctx, context, message_buffer, token_buffer, qop_state, key,
@@ -307,13 +308,14 @@ _gsskrb5_verify_mic_internal ret = GSS_S_FAILURE; #endif break; - case KEYTYPE_DES3 : + case KRB5_ENCTYPE_DES3_CBC_MD5 : + case KRB5_ENCTYPE_DES3_CBC_SHA1 : ret = verify_mic_des3 (minor_status, ctx, context, message_buffer, token_buffer, qop_state, key, type); break; - case KEYTYPE_ARCFOUR : - case KEYTYPE_ARCFOUR_56 : + case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5: + case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56: ret = _gssapi_verify_mic_arcfour (minor_status, ctx, context, message_buffer, token_buffer,
diff --git a/lib/gssapi/krb5/wrap.c b/lib/gssapi/krb5/wrap.c
index 1026e4191..ccc9f554d 100644
--- a/lib/gssapi/krb5/wrap.c
+++ b/lib/gssapi/krb5/wrap.c
@@ -147,7 +147,6 @@ _gsskrb5_wrap_size_limit ( krb5_context context; krb5_keyblock *key; OM_uint32 ret; - krb5_keytype keytype; const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; GSSAPI_KRB5_INIT (&context);
@@ -164,23 +163,25 @@ _gsskrb5_wrap_size_limit ( *minor_status = ret; return GSS_S_FAILURE; } - krb5_enctype_to_keytype (context, key->keytype, &keytype); - switch (keytype) { - case KEYTYPE_DES : + switch (key->keytype) { + case KRB5_ENCTYPE_DES_CBC_CRC : + case KRB5_ENCTYPE_DES_CBC_MD4 : + case KRB5_ENCTYPE_DES_CBC_MD5 : #ifdef HEIM_WEAK_CRYPTO ret = sub_wrap_size(req_output_size, max_input_size, 8, 22); #else ret = GSS_S_FAILURE; #endif break; - case ENCTYPE_ARCFOUR_HMAC_MD5: - case ENCTYPE_ARCFOUR_HMAC_MD5_56: + case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5: + case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56: ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context, conf_req_flag, qop_req, req_output_size, max_input_size, key); break; - case KEYTYPE_DES3 : + case KRB5_ENCTYPE_DES3_CBC_MD5 : + case KRB5_ENCTYPE_DES3_CBC_SHA1 : ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); break; default :
@@ -558,10 +559,11 @@ _gsskrb5_wrap *minor_status = ret; return GSS_S_FAILURE; } - krb5_enctype_to_keytype (context, key->keytype, &keytype); - switch (keytype) { - case KEYTYPE_DES : + switch (key->keytype) { + case KRB5_ENCTYPE_DES_CBC_CRC : + case KRB5_ENCTYPE_DES_CBC_MD4 : + case KRB5_ENCTYPE_DES_CBC_MD5 : #ifdef HEIM_WEAK_CRYPTO ret = wrap_des (minor_status, ctx, context, conf_req_flag, qop_req, input_message_buffer, conf_state,
@@ -570,13 +572,14 @@ _gsskrb5_wrap ret = GSS_S_FAILURE; #endif break; - case KEYTYPE_DES3 : + case KRB5_ENCTYPE_DES3_CBC_MD5 : + case KRB5_ENCTYPE_DES3_CBC_SHA1 : ret = wrap_des3 (minor_status, ctx, context, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer, key); break; - case KEYTYPE_ARCFOUR: - case KEYTYPE_ARCFOUR_56: + case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5: + case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56: ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer, key);
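Review bot: `_gsskrb5_wrap` (wrap.c, hunk at -558) loses its only visible use of `keytype` when the `krb5_enctype_to_keytype` call is removed, yet no hunk in wrap.c drops a `krb5_keytype keytype;` declaration from this function the way the hunk at -147 does for `_gsskrb5_wrap_size_limit`. The declaration lies outside the hunk, so this is inferred from the hunk offsets; if it is still there it is now an unused local and will be reported by `-Wunused-variable`. Remove it so this function matches the cleanup done in get_mic.c, unwrap.c and verify_mic.c.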
diff --git a/lib/krb5/aes-test.c b/lib/krb5/aes-test.c
index 19b0ddd07..8ebd58fb5 100644
--- a/lib/krb5/aes-test.c
+++ b/lib/krb5/aes-test.c
@@ -640,7 +640,7 @@ krb_enc_test(krb5_context context) static int iov_test(krb5_context context) { - krb5_enctype enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; + krb5_enctype enctype = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96; krb5_error_code ret; krb5_crypto crypto; krb5_keyblock key;
diff --git a/lib/krb5/auth_context.c b/lib/krb5/auth_context.c
index 25ae15cf0..33f4ed283 100644
--- a/lib/krb5/auth_context.c
+++ b/lib/krb5/auth_context.c
@@ -58,7 +58,7 @@ krb5_auth_con_init(krb5_context context, p->remote_address = NULL; p->local_port = 0; p->remote_port = 0; - p->keytype = ENCTYPE_NULL; + p->keytype = KRB5_ENCTYPE_NULL; p->cksumtype = CKSUMTYPE_NONE; *auth_context = p; return 0;
diff --git a/lib/krb5/crypto-aes.c b/lib/krb5/crypto-aes.c
index b97854206..783372b39 100644
--- a/lib/krb5/crypto-aes.c
+++ b/lib/krb5/crypto-aes.c
@@ -38,7 +38,7 @@ */ static struct _krb5_key_type keytype_aes128 = { - ENCTYPE_AES128_CTS_HMAC_SHA1_96, + KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96, "aes-128", 128, 16,
@@ -52,7 +52,7 @@ static struct _krb5_key_type keytype_aes128 = { }; static struct _krb5_key_type keytype_aes256 = { - ENCTYPE_AES256_CTS_HMAC_SHA1_96, + KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96, "aes-256", 256, 32,
diff --git a/lib/krb5/crypto-arcfour.c b/lib/krb5/crypto-arcfour.c
index 1b369d2fd..1d4f94672 100644
--- a/lib/krb5/crypto-arcfour.c
+++ b/lib/krb5/crypto-arcfour.c
@@ -38,7 +38,7 @@ #include "krb5_locl.h" static struct _krb5_key_type keytype_arcfour = { - ENCTYPE_ARCFOUR_HMAC_MD5, + KRB5_ENCTYPE_ARCFOUR_HMAC_MD5, "arcfour", 128, 16,
diff --git a/lib/krb5/crypto-null.c b/lib/krb5/crypto-null.c
index 3b643123f..b647a6d10 100644
--- a/lib/krb5/crypto-null.c
+++ b/lib/krb5/crypto-null.c
@@ -38,7 +38,7 @@ #endif static struct _krb5_key_type keytype_null = { - ENCTYPE_NULL, + KRB5_ENCTYPE_NULL, "null", 0, 0,
diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 37eb2c546..732311bec 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -1898,11 +1898,11 @@ _krb5_derive_key(krb5_context context, /* XXX keytype dependent post-processing */ switch(kt->type) { - case ETYPE_OLD_DES3_CBC_SHA1: + case KRB5_ENCTYPE_OLD_DES3_CBC_SHA1: _krb5_DES3_random_to_key(context, key->key, k, nblocks * et->blocksize); break; - case ENCTYPE_AES128_CTS_HMAC_SHA1_96: - case ENCTYPE_AES256_CTS_HMAC_SHA1_96: + case KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96: + case KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96: memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length); break; default:
diff --git a/lib/krb5/deprecated.c b/lib/krb5/deprecated.c
index 1d44d21b1..8ead77b4f 100644
--- a/lib/krb5/deprecated.c
+++ b/lib/krb5/deprecated.c
@@ -94,13 +94,13 @@ static struct { const char *name; krb5_keytype type; } keys[] = { - { "null", ENCTYPE_NULL }, - { "des", ETYPE_DES_CBC_CRC }, - { "des3", ETYPE_OLD_DES3_CBC_SHA1 }, - { "aes-128", ETYPE_AES128_CTS_HMAC_SHA1_96 }, - { "aes-256", ETYPE_AES256_CTS_HMAC_SHA1_96 }, - { "arcfour", ETYPE_ARCFOUR_HMAC_MD5 }, - { "arcfour-56", ETYPE_ARCFOUR_HMAC_MD5_56 } + { "null", KRB5_ENCTYPE_NULL }, + { "des", KRB5_ENCTYPE_DES_CBC_CRC }, + { "des3", KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 }, + { "aes-128", KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 }, + { "aes-256", KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 }, + { "arcfour", KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 }, + { "arcfour-56", KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56 } }; static int num_keys = sizeof(keys) / sizeof(keys[0]);
diff --git a/lib/krb5/get_for_creds.c b/lib/krb5/get_for_creds.c
index 979fc9b0a..2ec1c5e41 100644
--- a/lib/krb5/get_for_creds.c
+++ b/lib/krb5/get_for_creds.c
@@ -407,7 +407,7 @@ krb5_get_forwarded_creds (krb5_context context, */ if (auth_context->flags & KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED) { - cred.enc_part.etype = ENCTYPE_NULL; + cred.enc_part.etype = KRB5_ENCTYPE_NULL; cred.enc_part.kvno = NULL; cred.enc_part.cipher.data = buf; cred.enc_part.cipher.length = buf_size;
diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index 37f4147c3..6c874126a 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -859,7 +859,7 @@ pa_pw_or_afs3_salt(krb5_context context, heim_octet_string *data) { krb5_error_code ret; - if (paid->etype == ENCTYPE_NULL) + if (paid->etype == KRB5_ENCTYPE_NULL) return NULL; ret = set_paid(paid, context, paid->etype,
@@ -1204,7 +1204,7 @@ process_pa_data_to_md(krb5_context context, paid = calloc(1, sizeof(*paid)); - paid->etype = ENCTYPE_NULL; + paid->etype = KRB5_ENCTYPE_NULL; ppaid = process_pa_info(context, creds->client, a, paid, in_md); if (ppaid)
diff --git a/lib/krb5/keyblock.c b/lib/krb5/keyblock.c
index 9ba9c4b29..6e781aca7 100644
--- a/lib/krb5/keyblock.c
+++ b/lib/krb5/keyblock.c
@@ -65,7 +65,7 @@ krb5_free_keyblock_contents(krb5_context context, if (keyblock->keyvalue.data != NULL) memset(keyblock->keyvalue.data, 0, keyblock->keyvalue.length); krb5_data_free (&keyblock->keyvalue); - keyblock->keytype = ENCTYPE_NULL; + keyblock->keytype = KRB5_ENCTYPE_NULL; } }
diff --git a/lib/krb5/krb5_auth_context.3 b/lib/krb5/krb5_auth_context.3
index ec7f8b31c..b627e480e 100644
--- a/lib/krb5/krb5_auth_context.3
+++ b/lib/krb5/krb5_auth_context.3
@@ -224,7 +224,7 @@ will force and .Fn krb5_fwd_tgt_creds to create unencrypted ) -.Dv ENCTYPE_NULL ) +.Dv KRB5_ENCTYPE_NULL ) credentials. This is for use with old MIT server and JAVA based servers as they can't handle encrypted