Lines Matching +defs:crypto +defs:type
48 static struct _krb5_key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
72 N_("Encryption type %s not supported", ""),
84 krb5_enctype type,
87 struct _krb5_encryption_type *et = _krb5_find_enctype(type);
89 return unsupported_enctype (context, type);
97 krb5_enctype type,
100 struct _krb5_encryption_type *et = _krb5_find_enctype(type);
102 return unsupported_enctype (context, type);
110 krb5_enctype type,
114 struct _krb5_encryption_type *et = _krb5_find_enctype(type);
116 return unsupported_enctype (context, type);
121 key->keytype = type;
254 N_("checksum type %d not supported", ""),
304 _krb5_find_checksum(krb5_cksumtype type)
308 if(_krb5_checksum_types[i]->type == type)
315 krb5_crypto crypto,
322 HEIMDAL_MUTEX_lock(&crypto->mutex);
325 ret = _get_derived_key(context, crypto, usage, key);
331 *key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
336 ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key);
342 *key = &crypto->key;
347 HEIMDAL_MUTEX_unlock(&crypto->mutex);
355 krb5_crypto crypto,
370 if(keyed_checksum && crypto == NULL) {
372 N_("Checksum type %s is keyed but no "
373 "crypto context (key) was passed in", ""),
378 ret = get_checksum_key(context, crypto, usage, ct, &dkey);
383 result->cksumtype = ct->type;
392 arcfour_checksum_p(struct _krb5_checksum_type *ct, krb5_crypto crypto)
394 return (ct->type == CKSUMTYPE_HMAC_MD5) &&
395 (crypto->key.key->keytype == KEYTYPE_ARCFOUR);
401 krb5_crypto crypto,
403 int type,
411 /* type 0 -> pick from crypto */
412 if (type) {
413 ct = _krb5_find_checksum(type);
414 } else if (crypto) {
415 ct = crypto->et->keyed_checksum;
417 ct = crypto->et->checksum;
422 N_("checksum type %d not supported", ""),
423 type);
428 if (arcfour_checksum_p(ct, crypto)) {
435 return create_checksum(context, ct, crypto, keyusage,
441 krb5_crypto crypto,
456 N_("checksum type %d not supported", ""),
463 N_("Decrypt integrity check failed for checksum type %s, "
473 if (crypto == NULL) {
475 N_("Checksum type %s is keyed but no "
476 "crypto context (key) was passed in", ""),
480 kct = crypto->et->keyed_checksum;
481 if (kct != NULL && kct->type != ct->type) {
483 N_("Checksum type %s is keyed, but "
484 "the key type %s passed didnt have that checksum "
485 "type as the keyed type", ""),
486 ct->name, crypto->et->name);
490 ret = get_checksum_key(context, crypto, usage, ct, &dkey);
506 "type %s, key type %s", ""),
507 ct->name, (crypto != NULL)? crypto->et->name : "(none)");
525 "type %s, key type %s", ""),
526 ct->name, crypto ? crypto->et->name : "(unkeyed)");
536 krb5_crypto crypto,
548 N_("checksum type %d not supported", ""),
554 if (arcfour_checksum_p(ct, crypto)) {
561 return verify_checksum(context, crypto, keyusage,
567 krb5_crypto crypto,
568 krb5_cksumtype *type)
572 if (crypto != NULL) {
573 ct = crypto->et->keyed_checksum;
575 ct = crypto->et->checksum;
580 N_("checksum type not found", ""));
584 *type = ct->type;
592 krb5_cksumtype type,
595 struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
598 N_("checksum type %d not supported", ""),
599 type);
608 krb5_cksumtype type)
610 struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
614 N_("checksum type %d not supported", ""),
615 type);
623 krb5_cksumtype type)
625 struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
629 N_("checksum type %d not supported", ""),
630 type);
638 krb5_cksumtype type)
640 struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
644 N_("checksum type %d not supported", ""),
645 type);
657 _krb5_find_enctype(krb5_enctype type)
661 if(_krb5_etypes[i]->type == type)
676 N_("encryption type %d not supported", ""),
697 *etype = _krb5_etypes[i]->type;
701 N_("encryption type %s not supported", ""),
715 *keytype = e->keytype->type; /* XXX */
743 N_("encryption type %s is disabled", ""),
749 * Return the coresponding encryption type for a checksum type.
752 * @param ctype The checksum type to get the result enctype for
772 _krb5_etypes[i]->keyed_checksum->type == ctype)
774 *etype = _krb5_etypes[i]->type;
780 N_("checksum type %d not supported", ""),
793 N_("checksum type %d not supported", ""),
799 N_("checksum type %s is disabled", ""),
809 krb5_crypto crypto)
811 return (crypto->et->flags & F_DERIVED) != 0;
816 krb5_crypto crypto)
818 return (crypto->et->flags & F_SPECIAL) != 0;
822 #define CHECKSUMTYPE(C) ((C)->type)
826 krb5_crypto crypto,
838 const struct _krb5_encryption_type *et = crypto->et;
858 crypto,
873 HEIMDAL_MUTEX_lock(&crypto->mutex);
874 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
878 HEIMDAL_MUTEX_unlock(&crypto->mutex);
896 krb5_crypto crypto,
906 const struct _krb5_encryption_type *et = crypto->et;
927 crypto,
941 HEIMDAL_MUTEX_lock(&crypto->mutex);
942 ret = _key_schedule(context, &crypto->key);
943 HEIMDAL_MUTEX_unlock(&crypto->mutex);
946 ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec);
963 krb5_crypto crypto,
970 struct _krb5_encryption_type *et = crypto->et;
987 ret = (*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec);
1000 krb5_crypto crypto,
1012 struct _krb5_encryption_type *et = crypto->et;
1037 HEIMDAL_MUTEX_lock(&crypto->mutex);
1038 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
1044 HEIMDAL_MUTEX_unlock(&crypto->mutex);
1060 crypto,
1083 krb5_crypto crypto,
1093 struct _krb5_encryption_type *et = crypto->et;
1114 HEIMDAL_MUTEX_lock(&crypto->mutex);
1115 ret = _key_schedule(context, &crypto->key);
1116 HEIMDAL_MUTEX_unlock(&crypto->mutex);
1121 ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec);
1153 krb5_crypto crypto,
1160 struct _krb5_encryption_type *et = crypto->et;
1184 ret = (*et->encrypt)(context, &crypto->key, p, len, FALSE, usage, ivec);
1202 find_iv(krb5_crypto_iov *data, size_t num_data, unsigned type)
1206 if (data[i].flags == type)
1215 * @param crypto Kerberos crypto context
1237 krb5_crypto crypto,
1250 const struct _krb5_encryption_type *et = crypto->et;
1258 if(!derived_crypto(context, crypto)) {
1334 crypto,
1370 HEIMDAL_MUTEX_lock(&crypto->mutex);
1371 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
1377 HEIMDAL_MUTEX_unlock(&crypto->mutex);
1413 * @param crypto Kerberos crypto context
1432 krb5_crypto crypto,
1444 struct _krb5_encryption_type *et = crypto->et;
1447 if(!derived_crypto(context, crypto)) {
1495 HEIMDAL_MUTEX_lock(&crypto->mutex);
1496 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
1502 HEIMDAL_MUTEX_unlock(&crypto->mutex);
1552 crypto,
1565 * @param crypto Kerberos crypto context
1569 * @param type output data
1577 krb5_crypto crypto,
1581 krb5_cksumtype *type)
1590 if(!derived_crypto(context, crypto)) {
1617 ret = krb5_create_checksum(context, crypto, usage, 0, p, len, &cksum);
1622 if (type)
1623 *type = cksum.cksumtype;
1643 * @param crypto Kerberos crypto context
1647 * @param type return checksum type if not NULL
1655 krb5_crypto crypto,
1659 krb5_cksumtype *type)
1661 struct _krb5_encryption_type *et = crypto->et;
1669 if(!derived_crypto(context, crypto)) {
1700 ret = krb5_verify_checksum(context, crypto, usage, p, len, &cksum);
1703 if (ret == 0 && type)
1704 *type = cksum.cksumtype;
1712 krb5_crypto crypto,
1713 int type,
1716 if (!derived_crypto(context, crypto)) {
1717 krb5_set_error_message(context, EINVAL, "not a derived crypto");
1721 switch(type) {
1726 *len = crypto->et->blocksize;
1733 if (crypto->et->padsize > 1)
1734 *len = crypto->et->padsize;
1739 *len = CHECKSUMSIZE(crypto->et->keyed_checksum);
1742 if (crypto->et->keyed_checksum)
1743 *len = CHECKSUMSIZE(crypto->et->keyed_checksum);
1745 *len = CHECKSUMSIZE(crypto->et->checksum);
1749 "%d not a supported type", type);
1756 krb5_crypto crypto,
1764 ret = krb5_crypto_length(context, crypto,
1776 krb5_crypto crypto,
1783 if(derived_crypto(context, crypto))
1784 return encrypt_internal_derived(context, crypto, usage,
1786 else if (special_crypto(context, crypto))
1787 return encrypt_internal_special (context, crypto, usage,
1790 return encrypt_internal(context, crypto, data, len, result, ivec);
1795 krb5_crypto crypto,
1801 return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
1806 krb5_crypto crypto,
1813 result->etype = CRYPTO_ETYPE(crypto);
1819 return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
1824 krb5_crypto crypto,
1831 if(derived_crypto(context, crypto))
1832 return decrypt_internal_derived(context, crypto, usage,
1834 else if (special_crypto (context, crypto))
1835 return decrypt_internal_special(context, crypto, usage,
1838 return decrypt_internal(context, crypto, data, len, result, ivec);
1843 krb5_crypto crypto,
1849 return krb5_decrypt_ivec (context, crypto, usage, data, len, result,
1855 krb5_crypto crypto,
1860 return krb5_decrypt(context, crypto, usage,
1865 * Assume crypto context related to key is locked or local
1933 switch(kt->type) {
1945 kt->type);
1961 * Assumes that crypto is locked
1965 _new_derived_key(krb5_crypto crypto, unsigned usage)
1968 d = realloc(crypto->key_usage, (crypto->num_key_usage + 1) * sizeof(crypto->key_usage));
1971 crypto->key_usage = d;
1973 e = crypto->key_usage[crypto->num_key_usage] = malloc(sizeof(*e));
1977 crypto->num_key_usage++;
2022 krb5_crypto crypto,
2030 for(i = 0; i < crypto->num_key_usage; i++)
2031 if(crypto->key_usage[i]->usage == usage) {
2032 *key = &crypto->key_usage[i]->key;
2035 d = _new_derived_key(crypto, usage);
2037 HEIMDAL_MUTEX_unlock(&crypto->mutex);
2041 krb5_copy_keyblock(context, crypto->key.key, &d->key);
2043 _krb5_derive_key(context, crypto->et, d, constant, sizeof(constant));
2049 * Create a crypto context used for all encryption and signature
2050 * operation. The encryption type to use is taken from the key, but
2054 * To free the crypto context, use krb5_crypto_destroy().
2058 * @param etype the encryption type
2059 * @param crypto the resulting crypto context
2070 krb5_crypto *crypto)
2073 ALLOC(*crypto, 1);
2074 if(*crypto == NULL) {
2080 (*crypto)->et = _krb5_find_enctype(etype);
2081 if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) {
2082 free(*crypto);
2083 *crypto = NULL;
2086 if((*crypto)->et->keytype->size != key->keyvalue.length) {
2087 free(*crypto);
2088 *crypto = NULL;
2093 ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key);
2095 free(*crypto);
2096 *crypto = NULL;
2099 (*crypto)->key.schedule = NULL;
2100 (*crypto)->num_key_usage = 0;
2101 (*crypto)->key_usage = NULL;
2102 HEIMDAL_MUTEX_init(&(*crypto)->mutex);
2137 * Free a crypto context created by krb5_crypto_init().
2140 * @param crypto crypto context to free
2149 krb5_crypto crypto)
2153 if (crypto == NULL)
2156 HEIMDAL_MUTEX_destroy(&crypto->mutex);
2157 for(i = 0; i < crypto->num_key_usage; i++)
2158 free_key_usage(context, crypto->key_usage[i], crypto->et);
2159 free(crypto->key_usage);
2160 _krb5_free_key_data(context, &crypto->key, crypto->et);
2161 free (crypto);
2166 * Return the blocksize used algorithm referenced by the crypto context
2169 * @param crypto crypto context to query
2179 krb5_crypto crypto,
2182 *blocksize = crypto->et->blocksize;
2187 * Return the encryption type used by the crypto context
2190 * @param crypto crypto context to query
2191 * @param enctype the resulting encryption type
2200 krb5_crypto crypto,
2203 *enctype = crypto->et->type;
2208 * Return the padding size used by the crypto context
2211 * @param crypto crypto context to query
2221 krb5_crypto crypto,
2224 *padsize = crypto->et->padsize;
2229 * Return the confounder size used by the crypto context
2232 * @param crypto crypto context to query
2242 krb5_crypto crypto,
2245 *confoundersize = crypto->et->confoundersize;
2251 * Disable encryption type
2254 * @param enctype encryption type to disable
2269 N_("encryption type %d not supported", ""),
2278 * Enable encryption type
2281 * @param enctype encryption type to enable
2296 N_("encryption type %d not supported", ""),
2335 * @param enctype encryption type to probe
2337 * @return Returns true if encryption type is weak or is not supported.
2353 krb5_crypto crypto,
2356 struct _krb5_encryption_type *et = crypto->et;
2368 krb5_crypto crypto,
2371 struct _krb5_encryption_type *et = crypto->et;
2390 krb5_crypto crypto,
2393 if (derived_crypto (context, crypto))
2394 return wrapped_length_dervied (context, crypto, data_len);
2396 return wrapped_length (context, crypto, data_len);
2405 krb5_crypto crypto)
2407 struct _krb5_encryption_type *et = crypto->et;
2419 krb5_crypto crypto)
2421 struct _krb5_encryption_type *et = crypto->et;
2435 krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
2437 if (derived_crypto (context, crypto))
2438 return crypto_overhead_dervied (context, crypto);
2440 return crypto_overhead (context, crypto);
2445 * Kerberos crypto frame work. It may be assumed that all the bits of
2450 * @param type the enctype resulting key will be of
2462 krb5_enctype type,
2468 struct _krb5_encryption_type *et = _krb5_find_enctype(type);
2471 N_("encryption type %d not supported", ""),
2472 type);
2486 key->keytype = type;
2499 krb5_enctype type,
2502 struct _krb5_encryption_type *et = _krb5_find_enctype(type);
2506 N_("encryption type %d not supported", ""),
2507 type);
2517 const krb5_crypto crypto,
2521 struct _krb5_encryption_type *et = crypto->et;
2532 return (*et->prf)(context, crypto, input, output);
2537 const krb5_crypto crypto,
2568 ret = krb5_crypto_prf(context, crypto, &input2, &block);
2598 * @param enctype the encryption type of the resulting key
2672 if (_krb5_etypes[i]->keytype->type == keytype
2674 && krb5_enctype_valid(context, _krb5_etypes[i]->type) == 0)
2690 if (_krb5_etypes[i]->keytype->type == keytype
2692 && krb5_enctype_valid(context, _krb5_etypes[i]->type) == 0)
2693 ret[n++] = _krb5_etypes[i]->type;
2719 * Return the coresponding encryption type for a checksum type.
2722 * @param ctype The checksum type to get the result enctype for
2743 etypes[i]->keyed_checksum->type == ctype)
2745 *etype = etypes[i]->type;
2751 N_("checksum type %d not supported", ""),
2764 N_("encryption type %d not supported", ""),
2768 *keytype = e->keytype->type; /* XXX */
2779 krb5_crypto crypto)
2781 struct encryption_type *et = crypto->et;
2793 krb5_crypto crypto)
2795 struct encryption_type *et = crypto->et;
2809 krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
2811 if (derived_crypto (context, crypto))
2812 return crypto_overhead_dervied (context, crypto);
2814 return crypto_overhead (context, crypto);