2.ad l 3.nh 4.SH NAME 5Heimdal Kerberos 5 cryptography functions \- 6.SS "Functions" 7 8.in +1c 9.ti -1c 10.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_valid\fP (krb5_context context, krb5_enctype etype)" 11.br 12.ti -1c 13.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cksumtype_to_enctype\fP (krb5_context context, krb5_cksumtype ctype, krb5_enctype *etype)" 14.br 15.ti -1c 16.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_encrypt_iov_ivec\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, int num_data, void *ivec)" 17.br 18.ti -1c 19.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_decrypt_iov_ivec\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, void *ivec)" 20.br 21.ti -1c 22.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_create_checksum_iov\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, krb5_cksumtype *type)" 23.br 24.ti -1c 25.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_verify_checksum_iov\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, krb5_cksumtype *type)" 26.br 27.ti -1c 28.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_init\fP (krb5_context context, const krb5_keyblock *key, krb5_enctype etype, krb5_crypto *crypto)" 29.br 30.ti -1c 31.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_destroy\fP (krb5_context context, krb5_crypto crypto)" 32.br 33.ti -1c 34.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getblocksize\fP (krb5_context context, krb5_crypto crypto, size_t *blocksize)" 35.br 36.ti -1c 37.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getenctype\fP (krb5_context context, krb5_crypto crypto, krb5_enctype *enctype)" 38.br 39.ti -1c 40.RI 
"KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getpadsize\fP (krb5_context context, krb5_crypto crypto, size_t *padsize)" 41.br 42.ti -1c 43.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getconfoundersize\fP (krb5_context context, krb5_crypto crypto, size_t *confoundersize)" 44.br 45.ti -1c 46.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_disable\fP (krb5_context context, krb5_enctype enctype)" 47.br 48.ti -1c 49.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_enable\fP (krb5_context context, krb5_enctype enctype)" 50.br 51.ti -1c 52.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_allow_weak_crypto\fP (krb5_context context, krb5_boolean enable)" 53.br 54.ti -1c 55.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_random_to_key\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)" 56.br 57.ti -1c 58.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_fx_cf2\fP (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data *pepper1, krb5_data *pepper2, krb5_enctype enctype, krb5_keyblock *res)" 59.br 60.ti -1c 61.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_generate_subkey_extended\fP (krb5_context context, const krb5_keyblock *key, krb5_enctype etype, krb5_keyblock **subkey)" 62.br 63.ti -1c 64.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_keyblock_zero\fP (krb5_keyblock *keyblock)" 65.br 66.ti -1c 67.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_keyblock_contents\fP (krb5_context context, krb5_keyblock *keyblock)" 68.br 69.ti -1c 70.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_keyblock\fP (krb5_context context, krb5_keyblock *keyblock)" 71.br 72.ti -1c 73.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_keyblock_contents\fP (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock *to)" 74.br 75.ti -1c 76.RI 
"KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_keyblock\fP (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock **to)" 77.br 78.ti -1c 79.RI "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL \fBkrb5_keyblock_get_enctype\fP (const krb5_keyblock *block)" 80.br 81.ti -1c 82.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keyblock_init\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)" 83.br 84.in -1c 85.SH "Detailed Description" 86.PP 87 88.SH "Function Documentation" 89.PP 90.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_allow_weak_crypto (krb5_context context, krb5_boolean enable)" 91.PP 92Enable or disable all weak encryption types 93.PP 94\fBParameters:\fP 95.RS 4 96\fIcontext\fP Kerberos 5 context 97.br 98\fIenable\fP true to enable, false to disable 99.RE 100.PP 101\fBReturns:\fP 102.RS 4 103Return an error code or 0. 104.RE 105.PP 106 107.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_to_enctype (krb5_context context, krb5_cksumtype ctype, krb5_enctype * etype)" 108.PP 109Return the coresponding encryption type for a checksum type. 110.PP 111\fBParameters:\fP 112.RS 4 113\fIcontext\fP Kerberos context 114.br 115\fIctype\fP The checksum type to get the result enctype for 116.br 117\fIetype\fP The returned encryption, when the matching etype is not found, etype is set to ETYPE_NULL. 118.RE 119.PP 120\fBReturns:\fP 121.RS 4 122Return an error code for an failure or 0 on success. 123.RE 124.PP 125 126.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock ** to)" 127.PP 128Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock()\fP. 129.PP 130\fBParameters:\fP 131.RS 4 132\fIcontext\fP a Kerberos 5 context 133.br 134\fIinblock\fP the key to copy 135.br 136\fIto\fP the output key. 
137.RE 138.PP 139\fBReturns:\fP 140.RS 4 1410 on success or a Kerberos 5 error code 142.RE 143.PP 144 145.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock * to)" 146.PP 147Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock_contents()\fP. 148.PP 149\fBParameters:\fP 150.RS 4 151\fIcontext\fP a Kerberos 5 context 152.br 153\fIinblock\fP the key to copy 154.br 155\fIto\fP the output key. 156.RE 157.PP 158\fBReturns:\fP 159.RS 4 1600 on success or a Kerberos 5 error code 161.RE 162.PP 163 164.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)" 165.PP 166Create a Kerberos message checksum. 167.PP 168\fBParameters:\fP 169.RS 4 170\fIcontext\fP Kerberos context 171.br 172\fIcrypto\fP Kerberos crypto context 173.br 174\fIusage\fP Key usage for this buffer 175.br 176\fIdata\fP array of buffers to process 177.br 178\fInum_data\fP length of array 179.br 180\fItype\fP output data 181.RE 182.PP 183\fBReturns:\fP 184.RS 4 185Return an error code or 0. 186.RE 187.PP 188 189.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy (krb5_context context, krb5_crypto crypto)" 190.PP 191Free a crypto context created by \fBkrb5_crypto_init()\fP. 192.PP 193\fBParameters:\fP 194.RS 4 195\fIcontext\fP Kerberos context 196.br 197\fIcrypto\fP crypto context to free 198.RE 199.PP 200\fBReturns:\fP 201.RS 4 202Return an error code or 0. 203.RE 204.PP 205 206.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_fx_cf2 (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data * pepper1, krb5_data * pepper2, krb5_enctype enctype, krb5_keyblock * res)" 207.PP 208The FX-CF2 key derivation function, used in FAST and preauth framework. 
209.PP 210\fBParameters:\fP 211.RS 4 212\fIcontext\fP Kerberos 5 context 213.br 214\fIcrypto1\fP first key to combine 215.br 216\fIcrypto2\fP second key to combine 217.br 218\fIpepper1\fP factor to combine with first key to guarantee uniqueness 219.br 220\fIpepper2\fP factor to combine with second key to guarantee uniqueness 221.br 222\fIenctype\fP the encryption type of the resulting key 223.br 224\fIres\fP allocated key, free with \fBkrb5_free_keyblock_contents()\fP 225.RE 226.PP 227\fBReturns:\fP 228.RS 4 229Return an error code or 0. 230.RE 231.PP 232 233.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize (krb5_context context, krb5_crypto crypto, size_t * blocksize)" 234.PP 235Return the block size used by the algorithm referenced by the crypto context 236.PP 237\fBParameters:\fP 238.RS 4 239\fIcontext\fP Kerberos context 240.br 241\fIcrypto\fP crypto context to query 242.br 243\fIblocksize\fP the resulting blocksize 244.RE 245.PP 246\fBReturns:\fP 247.RS 4 248Return an error code or 0. 249.RE 250.PP 251 252.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize (krb5_context context, krb5_crypto crypto, size_t * confoundersize)" 253.PP 254Return the confounder size used by the crypto context 255.PP 256\fBParameters:\fP 257.RS 4 258\fIcontext\fP Kerberos context 259.br 260\fIcrypto\fP crypto context to query 261.br 262\fIconfoundersize\fP the returned confounder size 263.RE 264.PP 265\fBReturns:\fP 266.RS 4 267Return an error code or 0. 268.RE 269.PP 270 271.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype (krb5_context context, krb5_crypto crypto, krb5_enctype * enctype)" 272.PP 273Return the encryption type used by the crypto context 274.PP 275\fBParameters:\fP 276.RS 4 277\fIcontext\fP Kerberos context 278.br 279\fIcrypto\fP crypto context to query 280.br 281\fIenctype\fP the resulting encryption type 282.RE 283.PP 284\fBReturns:\fP 285.RS 4 286Return an error code or 0. 
287.RE 288.PP 289 290.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize (krb5_context context, krb5_crypto crypto, size_t * padsize)" 291.PP 292Return the padding size used by the crypto context 293.PP 294\fBParameters:\fP 295.RS 4 296\fIcontext\fP Kerberos context 297.br 298\fIcrypto\fP crypto context to query 299.br 300\fIpadsize\fP the returned padding size 301.RE 302.PP 303\fBReturns:\fP 304.RS 4 305Return an error code or 0. 306.RE 307.PP 308 309.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_crypto * crypto)" 310.PP 311Create a crypto context used for all encryption and signature operations. The encryption type to use is taken from the key, but can be overridden with the etype parameter. This can be useful for encryption types which are compatible (DES for example). 312.PP 313To free the crypto context, use \fBkrb5_crypto_destroy()\fP. 314.PP 315\fBParameters:\fP 316.RS 4 317\fIcontext\fP Kerberos context 318.br 319\fIkey\fP the key block information with all key data 320.br 321\fIetype\fP the encryption type 322.br 323\fIcrypto\fP the resulting crypto context 324.RE 325.PP 326\fBReturns:\fP 327.RS 4 328Return an error code or 0. 329.RE 330.PP 331 332.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, void * ivec)" 333.PP 334Inline decrypt a Kerberos message. 335.PP 336\fBParameters:\fP 337.RS 4 338\fIcontext\fP Kerberos context 339.br 340\fIcrypto\fP Kerberos crypto context 341.br 342\fIusage\fP Key usage for this buffer 343.br 344\fIdata\fP array of buffers to process 345.br 346\fInum_data\fP length of array 347.br 348\fIivec\fP initial cbc/cts vector 349.RE 350.PP 351\fBReturns:\fP 352.RS 4 353Return an error code or 0. 354.RE 355.PP 3561. KRB5_CRYPTO_TYPE_HEADER 2. 
one KRB5_CRYPTO_TYPE_DATA and array [0,...] of KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver has to be aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used for unencrypted protocol headers and trailers. The output data will be of same size as the input data or shorter. 357.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, int num_data, void * ivec)" 358.PP 359Inline encrypt a Kerberos message 360.PP 361\fBParameters:\fP 362.RS 4 363\fIcontext\fP Kerberos context 364.br 365\fIcrypto\fP Kerberos crypto context 366.br 367\fIusage\fP Key usage for this buffer 368.br 369\fIdata\fP array of buffers to process 370.br 371\fInum_data\fP length of array 372.br 373\fIivec\fP initial cbc/cts vector 374.RE 375.PP 376\fBReturns:\fP 377.RS 4 378Return an error code or 0. 379.RE 380.PP 381Kerberos encrypted data looks like this: 382.PP 3831. KRB5_CRYPTO_TYPE_HEADER 2. array [1,...] KRB5_CRYPTO_TYPE_DATA and array [0,...] KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver has to be aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used for headers and trailers. 3. KRB5_CRYPTO_TYPE_PADDING, at least one padsize long if padsize > 1 4. KRB5_CRYPTO_TYPE_TRAILER 384.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable (krb5_context context, krb5_enctype enctype)" 385.PP 386Disable encryption type 387.PP 388\fBParameters:\fP 389.RS 4 390\fIcontext\fP Kerberos 5 context 391.br 392\fIenctype\fP encryption type to disable 393.RE 394.PP 395\fBReturns:\fP 396.RS 4 397Return an error code or 0. 
398.RE 399.PP 400 401.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_enable (krb5_context context, krb5_enctype enctype)" 402.PP 403Enable encryption type 404.PP 405\fBParameters:\fP 406.RS 4 407\fIcontext\fP Kerberos 5 context 408.br 409\fIenctype\fP encryption type to enable 410.RE 411.PP 412\fBReturns:\fP 413.RS 4 414Return an error code or 0. 415.RE 416.PP 417 418.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid (krb5_context context, krb5_enctype etype)" 419.PP 420Check if an enctype is valid, return 0 if it is. 421.PP 422\fBParameters:\fP 423.RS 4 424\fIcontext\fP Kerberos context 425.br 426\fIetype\fP enctype to check if it is valid or not 427.RE 428.PP 429\fBReturns:\fP 430.RS 4 431Return an error code for a failure or 0 on success (enctype valid). 432.RE 433.PP 434 435.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock (krb5_context context, krb5_keyblock * keyblock)" 436.PP 437Free a keyblock, also zero out the content of the keyblock, uses \fBkrb5_free_keyblock_contents()\fP to free the content. 438.PP 439\fBParameters:\fP 440.RS 4 441\fIcontext\fP a Kerberos 5 context 442.br 443\fIkeyblock\fP keyblock to free, NULL is valid argument 444.RE 445.PP 446 447.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents (krb5_context context, krb5_keyblock * keyblock)" 448.PP 449Free a keyblock's content, also zero out the content of the keyblock. 
450.PP 451\fBParameters:\fP 452.RS 4 453\fIcontext\fP a Kerberos 5 context 454.br 455\fIkeyblock\fP keyblock content to free, NULL is valid argument 456.RE 457.PP 458 459.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_keyblock ** subkey)" 460.PP 461Generate a subkey from a keyblock 462.PP 463\fBParameters:\fP 464.RS 4 465\fIcontext\fP kerberos context 466.br 467\fIkey\fP session key 468.br 469\fIetype\fP encryption type of subkey, if ETYPE_NULL, use key's enctype 470.br 471\fIsubkey\fP returned new subkey, free with \fBkrb5_free_keyblock()\fP. 472.RE 473.PP 474\fBReturns:\fP 475.RS 4 4760 on success or a Kerberos 5 error code 477.RE 478.PP 479 480.SS "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype (const krb5_keyblock * block)" 481.PP 482Get encryption type of a keyblock. 483.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)" 484.PP 485Fill in `key' with key data of type `type' from `data' of length `size'. Key should be freed using \fBkrb5_free_keyblock_contents()\fP. 486.PP 487\fBReturns:\fP 488.RS 4 4890 on success or a Kerberos 5 error code 490.RE 491.PP 492 493.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero (krb5_keyblock * keyblock)" 494.PP 495Zero out a keyblock 496.PP 497\fBParameters:\fP 498.RS 4 499\fIkeyblock\fP keyblock to zero out 500.RE 501.PP 502 503.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)" 504.PP 505Converts the random bytestring to a protocol key according to the Kerberos crypto framework. It may be assumed that all the bits of the input string are equally random, even though the entropy present in the random source may be limited. 
506.PP 507\fBParameters:\fP 508.RS 4 509\fIcontext\fP Kerberos 5 context 510.br 511\fItype\fP the enctype resulting key will be of 512.br 513\fIdata\fP input random data to convert to a key 514.br 515\fIsize\fP size of input random data, at least krb5_enctype_keysize() long 516.br 517\fIkey\fP key, output key, free with \fBkrb5_free_keyblock_contents()\fP 518.RE 519.PP 520\fBReturns:\fP 521.RS 4 522Return an error code or 0. 523.RE 524.PP 525 526.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)" 527.PP 528Verify a Kerberos message checksum. 529.PP 530\fBParameters:\fP 531.RS 4 532\fIcontext\fP Kerberos context 533.br 534\fIcrypto\fP Kerberos crypto context 535.br 536\fIusage\fP Key usage for this buffer 537.br 538\fIdata\fP array of buffers to process 539.br 540\fInum_data\fP length of array 541.br 542\fItype\fP return checksum type if not NULL 543.RE 544.PP 545\fBReturns:\fP 546.RS 4 547Return an error code or 0. 548.RE 549.PP 550