1.TH "Heimdal Kerberos 5 cryptography functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*-
1.TH "Heimdal Kerberos 5 cryptography functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
2.ad l
3.nh
4.SH NAME
5Heimdal Kerberos 5 cryptography functions \-
6.SS "Functions"
7
8.in +1c
9.ti -1c
10.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_valid\fP (krb5_context context, krb5_enctype etype)"
11.br
12.ti -1c
13.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cksumtype_to_enctype\fP (krb5_context context, krb5_cksumtype ctype, krb5_enctype *etype)"
14.br
15.ti -1c
16.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_encrypt_iov_ivec\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, int num_data, void *ivec)"
17.br
18.ti -1c
19.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_decrypt_iov_ivec\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, void *ivec)"
20.br
21.ti -1c
22.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_create_checksum_iov\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, krb5_cksumtype *type)"
23.br
24.ti -1c
25.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_verify_checksum_iov\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, krb5_cksumtype *type)"
26.br
27.ti -1c
28.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_init\fP (krb5_context context, const krb5_keyblock *key, krb5_enctype etype, krb5_crypto *crypto)"
29.br
30.ti -1c
31.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_destroy\fP (krb5_context context, krb5_crypto crypto)"
32.br
33.ti -1c
34.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getblocksize\fP (krb5_context context, krb5_crypto crypto, size_t *blocksize)"
35.br
36.ti -1c
37.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getenctype\fP (krb5_context context, krb5_crypto crypto, krb5_enctype *enctype)"
38.br
39.ti -1c
40.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getpadsize\fP (krb5_context context, krb5_crypto crypto, size_t *padsize)"
41.br
42.ti -1c
43.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getconfoundersize\fP (krb5_context context, krb5_crypto crypto, size_t *confoundersize)"
44.br
45.ti -1c
46.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_disable\fP (krb5_context context, krb5_enctype enctype)"
47.br
48.ti -1c
49.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_enable\fP (krb5_context context, krb5_enctype enctype)"
50.br
51.ti -1c
52.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_allow_weak_crypto\fP (krb5_context context, krb5_boolean enable)"
53.br
54.ti -1c
55.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_random_to_key\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)"
56.br
57.ti -1c
58.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_fx_cf2\fP (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data *pepper1, krb5_data *pepper2, krb5_enctype enctype, krb5_keyblock *res)"
59.br
60.ti -1c
61.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_generate_subkey_extended\fP (krb5_context context, const krb5_keyblock *key, krb5_enctype etype, krb5_keyblock **subkey)"
62.br
63.ti -1c
64.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_keyblock_zero\fP (krb5_keyblock *keyblock)"
65.br
66.ti -1c
67.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_keyblock_contents\fP (krb5_context context, krb5_keyblock *keyblock)"
68.br
69.ti -1c
70.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_keyblock\fP (krb5_context context, krb5_keyblock *keyblock)"
71.br
72.ti -1c
73.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_keyblock_contents\fP (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock *to)"
74.br
75.ti -1c
76.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_keyblock\fP (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock **to)"
77.br
78.ti -1c
79.RI "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL \fBkrb5_keyblock_get_enctype\fP (const krb5_keyblock *block)"
80.br
81.ti -1c
82.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keyblock_init\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)"
83.br
84.in -1c
85.SH "Detailed Description"
86.PP
87
88.SH "Function Documentation"
89.PP
90.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_allow_weak_crypto (krb5_context context, krb5_boolean enable)"
91.PP
92Enable or disable all weak encryption types
93.PP
94\fBParameters:\fP
95.RS 4
96\fIcontext\fP Kerberos 5 context
97.br
98\fIenable\fP true to enable, false to disable
99.RE
100.PP
101\fBReturns:\fP
102.RS 4
103Return an error code or 0.
104.RE
105.PP
106
107.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_to_enctype (krb5_context context, krb5_cksumtype ctype, krb5_enctype * etype)"
108.PP
109Return the coresponding encryption type for a checksum type.
110.PP
111\fBParameters:\fP
112.RS 4
113\fIcontext\fP Kerberos context
114.br
115\fIctype\fP The checksum type to get the result enctype for
116.br
117\fIetype\fP The returned encryption, when the matching etype is not found, etype is set to ETYPE_NULL.
118.RE
119.PP
120\fBReturns:\fP
121.RS 4
122Return an error code for an failure or 0 on success.
123.RE
124.PP
125
126.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock ** to)"
127.PP
128Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock()\fP.
129.PP
130\fBParameters:\fP
131.RS 4
132\fIcontext\fP a Kerberos 5 context
133.br
134\fIinblock\fP the key to copy
135.br
136\fIto\fP the output key.
137.RE
138.PP
139\fBReturns:\fP
140.RS 4
1410 on success or a Kerberos 5 error code
142.RE
143.PP
144
145.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock * to)"
146.PP
147Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock_contents()\fP.
148.PP
149\fBParameters:\fP
150.RS 4
151\fIcontext\fP a Kerberos 5 context
152.br
153\fIinblock\fP the key to copy
154.br
155\fIto\fP the output key.
156.RE
157.PP
158\fBReturns:\fP
159.RS 4
1600 on success or a Kerberos 5 error code
161.RE
162.PP
163
164.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)"
165.PP
166Create a Kerberos message checksum.
167.PP
168\fBParameters:\fP
169.RS 4
170\fIcontext\fP Kerberos context
171.br
172\fIcrypto\fP Kerberos crypto context
173.br
174\fIusage\fP Key usage for this buffer
175.br
176\fIdata\fP array of buffers to process
177.br
178\fInum_data\fP length of array
179.br
180\fItype\fP output data
181.RE
182.PP
183\fBReturns:\fP
184.RS 4
185Return an error code or 0.
186.RE
187.PP
188
189.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy (krb5_context context, krb5_crypto crypto)"
190.PP
191Free a crypto context created by \fBkrb5_crypto_init()\fP.
192.PP
193\fBParameters:\fP
194.RS 4
195\fIcontext\fP Kerberos context
196.br
197\fIcrypto\fP crypto context to free
198.RE
199.PP
200\fBReturns:\fP
201.RS 4
202Return an error code or 0.
203.RE
204.PP
205
206.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_fx_cf2 (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data * pepper1, krb5_data * pepper2, krb5_enctype enctype, krb5_keyblock * res)"
207.PP
208The FX-CF2 key derivation function, used in FAST and preauth framework.
209.PP
210\fBParameters:\fP
211.RS 4
212\fIcontext\fP Kerberos 5 context
213.br
214\fIcrypto1\fP first key to combine
215.br
216\fIcrypto2\fP second key to combine
217.br
218\fIpepper1\fP factor to combine with first key to garante uniqueness
219.br
220\fIpepper2\fP factor to combine with second key to garante uniqueness
221.br
222\fIenctype\fP the encryption type of the resulting key
223.br
224\fIres\fP allocated key, free with \fBkrb5_free_keyblock_contents()\fP
225.RE
226.PP
227\fBReturns:\fP
228.RS 4
229Return an error code or 0.
230.RE
231.PP
232
233.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize (krb5_context context, krb5_crypto crypto, size_t * blocksize)"
234.PP
235Return the blocksize used algorithm referenced by the crypto context
236.PP
237\fBParameters:\fP
238.RS 4
239\fIcontext\fP Kerberos context
240.br
241\fIcrypto\fP crypto context to query
242.br
243\fIblocksize\fP the resulting blocksize
244.RE
245.PP
246\fBReturns:\fP
247.RS 4
248Return an error code or 0.
249.RE
250.PP
251
252.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize (krb5_context context, krb5_crypto crypto, size_t * confoundersize)"
253.PP
254Return the confounder size used by the crypto context
255.PP
256\fBParameters:\fP
257.RS 4
258\fIcontext\fP Kerberos context
259.br
260\fIcrypto\fP crypto context to query
261.br
262\fIconfoundersize\fP the returned confounder size
263.RE
264.PP
265\fBReturns:\fP
266.RS 4
267Return an error code or 0.
268.RE
269.PP
270
271.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype (krb5_context context, krb5_crypto crypto, krb5_enctype * enctype)"
272.PP
273Return the encryption type used by the crypto context
274.PP
275\fBParameters:\fP
276.RS 4
277\fIcontext\fP Kerberos context
278.br
279\fIcrypto\fP crypto context to query
280.br
281\fIenctype\fP the resulting encryption type
282.RE
283.PP
284\fBReturns:\fP
285.RS 4
286Return an error code or 0.
287.RE
288.PP
289
290.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize (krb5_context context, krb5_crypto crypto, size_t * padsize)"
291.PP
292Return the padding size used by the crypto context
293.PP
294\fBParameters:\fP
295.RS 4
296\fIcontext\fP Kerberos context
297.br
298\fIcrypto\fP crypto context to query
299.br
300\fIpadsize\fP the return padding size
301.RE
302.PP
303\fBReturns:\fP
304.RS 4
305Return an error code or 0.
306.RE
307.PP
308
309.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_crypto * crypto)"
310.PP
311Create a crypto context used for all encryption and signature operation. The encryption type to use is taken from the key, but can be overridden with the enctype parameter. This can be useful for encryptions types which is compatiable (DES for example).
312.PP
313To free the crypto context, use \fBkrb5_crypto_destroy()\fP.
314.PP
315\fBParameters:\fP
316.RS 4
317\fIcontext\fP Kerberos context
318.br
319\fIkey\fP the key block information with all key data
320.br
321\fIetype\fP the encryption type
322.br
323\fIcrypto\fP the resulting crypto context
324.RE
325.PP
326\fBReturns:\fP
327.RS 4
328Return an error code or 0.
329.RE
330.PP
331
332.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, void * ivec)"
333.PP
334Inline decrypt a Kerberos message.
335.PP
336\fBParameters:\fP
337.RS 4
338\fIcontext\fP Kerberos context
339.br
340\fIcrypto\fP Kerberos crypto context
341.br
342\fIusage\fP Key usage for this buffer
343.br
344\fIdata\fP array of buffers to process
345.br
346\fInum_data\fP length of array
347.br
348\fIivec\fP initial cbc/cts vector
349.RE
350.PP
351\fBReturns:\fP
352.RS 4
353Return an error code or 0.
354.RE
355.PP
3561. KRB5_CRYPTO_TYPE_HEADER 2. one KRB5_CRYPTO_TYPE_DATA and array [0,...] of KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used unencrypoted protocol headers and trailers. The output data will be of same size as the input data or shorter.
357.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, int num_data, void * ivec)"
358.PP
359Inline encrypt a kerberos message
360.PP
361\fBParameters:\fP
362.RS 4
363\fIcontext\fP Kerberos context
364.br
365\fIcrypto\fP Kerberos crypto context
366.br
367\fIusage\fP Key usage for this buffer
368.br
369\fIdata\fP array of buffers to process
370.br
371\fInum_data\fP length of array
372.br
373\fIivec\fP initial cbc/cts vector
374.RE
375.PP
376\fBReturns:\fP
377.RS 4
378Return an error code or 0.
379.RE
380.PP
381Kerberos encrypted data look like this:
382.PP
3831. KRB5_CRYPTO_TYPE_HEADER 2. array [1,...] KRB5_CRYPTO_TYPE_DATA and array [0,...] KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and trailers. 3. KRB5_CRYPTO_TYPE_PADDING, at least on padsize long if padsize > 1 4. KRB5_CRYPTO_TYPE_TRAILER
384.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable (krb5_context context, krb5_enctype enctype)"
385.PP
386Disable encryption type
387.PP
388\fBParameters:\fP
389.RS 4
390\fIcontext\fP Kerberos 5 context
391.br
392\fIenctype\fP encryption type to disable
393.RE
394.PP
395\fBReturns:\fP
396.RS 4
397Return an error code or 0.
398.RE
399.PP
400
401.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_enable (krb5_context context, krb5_enctype enctype)"
402.PP
403Enable encryption type
404.PP
405\fBParameters:\fP
406.RS 4
407\fIcontext\fP Kerberos 5 context
408.br
409\fIenctype\fP encryption type to enable
410.RE
411.PP
412\fBReturns:\fP
413.RS 4
414Return an error code or 0.
415.RE
416.PP
417
418.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid (krb5_context context, krb5_enctype etype)"
419.PP
420Check if a enctype is valid, return 0 if it is.
421.PP
422\fBParameters:\fP
423.RS 4
424\fIcontext\fP Kerberos context
425.br
426\fIetype\fP enctype to check if its valid or not
427.RE
428.PP
429\fBReturns:\fP
430.RS 4
431Return an error code for an failure or 0 on success (enctype valid).
432.RE
433.PP
434
435.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock (krb5_context context, krb5_keyblock * keyblock)"
436.PP
437Free a keyblock, also zero out the content of the keyblock, uses \fBkrb5_free_keyblock_contents()\fP to free the content.
438.PP
439\fBParameters:\fP
440.RS 4
441\fIcontext\fP a Kerberos 5 context
442.br
443\fIkeyblock\fP keyblock to free, NULL is valid argument
444.RE
445.PP
446
447.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents (krb5_context context, krb5_keyblock * keyblock)"
448.PP
449Free a keyblock's content, also zero out the content of the keyblock.
450.PP
451\fBParameters:\fP
452.RS 4
453\fIcontext\fP a Kerberos 5 context
454.br
455\fIkeyblock\fP keyblock content to free, NULL is valid argument
456.RE
457.PP
458
459.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_keyblock ** subkey)"
460.PP
461Generate subkey, from keyblock
462.PP
463\fBParameters:\fP
464.RS 4
465\fIcontext\fP kerberos context
466.br
467\fIkey\fP session key
468.br
469\fIetype\fP encryption type of subkey, if ETYPE_NULL, use key's enctype
470.br
471\fIsubkey\fP returned new, free with \fBkrb5_free_keyblock()\fP.
472.RE
473.PP
474\fBReturns:\fP
475.RS 4
4760 on success or a Kerberos 5 error code
477.RE
478.PP
479
480.SS "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype (const krb5_keyblock * block)"
481.PP
482Get encryption type of a keyblock.
483.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)"
484.PP
485Fill in `key' with key data of type `enctype' from `data' of length `size'. Key should be freed using \fBkrb5_free_keyblock_contents()\fP.
486.PP
487\fBReturns:\fP
488.RS 4
4890 on success or a Kerberos 5 error code
490.RE
491.PP
492
493.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero (krb5_keyblock * keyblock)"
494.PP
495Zero out a keyblock
496.PP
497\fBParameters:\fP
498.RS 4
499\fIkeyblock\fP keyblock to zero out
500.RE
501.PP
502
503.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)"
504.PP
505Converts the random bytestring to a protocol key according to Kerberos crypto frame work. It may be assumed that all the bits of the input string are equally random, even though the entropy present in the random source may be limited.
506.PP
507\fBParameters:\fP
508.RS 4
509\fIcontext\fP Kerberos 5 context
510.br
511\fItype\fP the enctype resulting key will be of
512.br
513\fIdata\fP input random data to convert to a key
514.br
515\fIsize\fP size of input random data, at least krb5_enctype_keysize() long
516.br
517\fIkey\fP key, output key, free with \fBkrb5_free_keyblock_contents()\fP
518.RE
519.PP
520\fBReturns:\fP
521.RS 4
522Return an error code or 0.
523.RE
524.PP
525
526.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)"
527.PP
528Verify a Kerberos message checksum.
529.PP
530\fBParameters:\fP
531.RS 4
532\fIcontext\fP Kerberos context
533.br
534\fIcrypto\fP Kerberos crypto context
535.br
536\fIusage\fP Key usage for this buffer
537.br
538\fIdata\fP array of buffers to process
539.br
540\fInum_data\fP length of array
541.br
542\fItype\fP return checksum type if not NULL
543.RE
544.PP
545\fBReturns:\fP
546.RS 4
547Return an error code or 0.
548.RE
549.PP
550