1226031Sstas/* 2226031Sstas * Copyright (c) 1997 - 2008 Kungliga Tekniska H��gskolan 3226031Sstas * (Royal Institute of Technology, Stockholm, Sweden). 4226031Sstas * All rights reserved. 5226031Sstas * 6226031Sstas * Redistribution and use in source and binary forms, with or without 7226031Sstas * modification, are permitted provided that the following conditions 8226031Sstas * are met: 9226031Sstas * 10226031Sstas * 1. Redistributions of source code must retain the above copyright 11226031Sstas * notice, this list of conditions and the following disclaimer. 12226031Sstas * 13226031Sstas * 2. Redistributions in binary form must reproduce the above copyright 14226031Sstas * notice, this list of conditions and the following disclaimer in the 15226031Sstas * documentation and/or other materials provided with the distribution. 16226031Sstas * 17226031Sstas * 3. Neither the name of the Institute nor the names of its contributors 18226031Sstas * may be used to endorse or promote products derived from this software 19226031Sstas * without specific prior written permission. 20226031Sstas * 21226031Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22226031Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23226031Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24226031Sstas * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25226031Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26226031Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27226031Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28226031Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29226031Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30226031Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31226031Sstas * SUCH DAMAGE. 32226031Sstas */ 33226031Sstas 34226031Sstas#ifndef HEIMDAL_SMALLER 35226031Sstas#define DES3_OLD_ENCTYPE 1 36226031Sstas#endif 37226031Sstas 38226031Sstasstruct _krb5_key_data { 39226031Sstas krb5_keyblock *key; 40226031Sstas krb5_data *schedule; 41226031Sstas}; 42226031Sstas 43226031Sstasstruct _krb5_key_usage; 44226031Sstas 45226031Sstasstruct krb5_crypto_data { 46226031Sstas struct _krb5_encryption_type *et; 47226031Sstas struct _krb5_key_data key; 48226031Sstas int num_key_usage; 49226031Sstas struct _krb5_key_usage *key_usage; 50226031Sstas}; 51226031Sstas 52226031Sstas#define CRYPTO_ETYPE(C) ((C)->et->type) 53226031Sstas 54226031Sstas/* bits for `flags' below */ 55226031Sstas#define F_KEYED 1 /* checksum is keyed */ 56226031Sstas#define F_CPROOF 2 /* checksum is collision proof */ 57226031Sstas#define F_DERIVED 4 /* uses derived keys */ 58226031Sstas#define F_VARIANT 8 /* uses `variant' keys (6.4.3) */ 59226031Sstas#define F_PSEUDO 16 /* not a real protocol type */ 60226031Sstas#define F_SPECIAL 32 /* backwards */ 61226031Sstas#define F_DISABLED 64 /* enctype/checksum disabled */ 62226031Sstas#define F_WEAK 128 /* enctype is considered weak */ 63226031Sstas 64226031Sstasstruct salt_type { 65226031Sstas krb5_salttype type; 66226031Sstas const char *name; 67226031Sstas krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, 68226031Sstas krb5_salt, krb5_data, krb5_keyblock*); 69226031Sstas}; 70226031Sstas 71226031Sstasstruct _krb5_key_type { 72226031Sstas krb5_enctype type; 73226031Sstas const char *name; 74226031Sstas size_t bits; 75226031Sstas size_t size; 76226031Sstas size_t schedule_size; 77226031Sstas void (*random_key)(krb5_context, krb5_keyblock*); 78226031Sstas void (*schedule)(krb5_context, struct _krb5_key_type *, struct _krb5_key_data *); 79226031Sstas struct salt_type *string_to_key; 80226031Sstas void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); 81226031Sstas void (*cleanup)(krb5_context, struct _krb5_key_data *); 82226031Sstas const EVP_CIPHER *(*evp)(void); 83226031Sstas}; 84226031Sstas 85226031Sstasstruct _krb5_checksum_type { 86226031Sstas krb5_cksumtype type; 87226031Sstas const char *name; 88226031Sstas size_t blocksize; 89226031Sstas size_t checksumsize; 90226031Sstas unsigned flags; 91226031Sstas krb5_error_code (*checksum)(krb5_context context, 92226031Sstas struct _krb5_key_data *key, 93226031Sstas const void *buf, size_t len, 94226031Sstas unsigned usage, 95226031Sstas Checksum *csum); 96226031Sstas krb5_error_code (*verify)(krb5_context context, 97226031Sstas struct _krb5_key_data *key, 98226031Sstas const void *buf, size_t len, 99226031Sstas unsigned usage, 100226031Sstas Checksum *csum); 101226031Sstas}; 102226031Sstas 103226031Sstasstruct _krb5_encryption_type { 104226031Sstas krb5_enctype type; 105226031Sstas const char *name; 106226031Sstas size_t blocksize; 107226031Sstas size_t padsize; 108226031Sstas size_t confoundersize; 109226031Sstas struct _krb5_key_type *keytype; 110226031Sstas struct _krb5_checksum_type *checksum; 111226031Sstas struct _krb5_checksum_type *keyed_checksum; 112226031Sstas unsigned flags; 113226031Sstas krb5_error_code (*encrypt)(krb5_context context, 114226031Sstas struct _krb5_key_data *key, 115226031Sstas void *data, size_t len, 116226031Sstas krb5_boolean encryptp, 117226031Sstas int usage, 118226031Sstas void *ivec); 119226031Sstas size_t prf_length; 120226031Sstas krb5_error_code (*prf)(krb5_context, 121226031Sstas krb5_crypto, const krb5_data *, krb5_data *); 122226031Sstas}; 123226031Sstas 124226031Sstas#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA) 125226031Sstas#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55) 126226031Sstas#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99) 127226031Sstas 128226031Sstas/* Checksums */ 129226031Sstas 130226031Sstasextern struct _krb5_checksum_type _krb5_checksum_none; 131226031Sstasextern struct _krb5_checksum_type _krb5_checksum_crc32; 132226031Sstasextern struct _krb5_checksum_type _krb5_checksum_rsa_md4; 133226031Sstasextern struct _krb5_checksum_type _krb5_checksum_rsa_md4_des; 134226031Sstasextern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des; 135226031Sstasextern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3; 136226031Sstasextern struct _krb5_checksum_type _krb5_checksum_rsa_md5; 137226031Sstasextern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3; 138226031Sstasextern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128; 139226031Sstasextern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256; 140226031Sstasextern struct _krb5_checksum_type _krb5_checksum_hmac_md5; 141226031Sstasextern struct _krb5_checksum_type _krb5_checksum_sha1; 142226031Sstas 143226031Sstasextern struct _krb5_checksum_type *_krb5_checksum_types[]; 144226031Sstasextern int _krb5_num_checksums; 145226031Sstas 146226031Sstas/* Salts */ 147226031Sstas 148226031Sstasextern struct salt_type _krb5_AES_salt[]; 149226031Sstasextern struct salt_type _krb5_arcfour_salt[]; 150226031Sstasextern struct salt_type _krb5_des_salt[]; 151226031Sstasextern struct salt_type _krb5_des3_salt[]; 152226031Sstasextern struct salt_type _krb5_des3_salt_derived[]; 153226031Sstas 154226031Sstas/* Encryption types */ 155226031Sstas 156226031Sstasextern struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1; 157226031Sstasextern struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1; 158226031Sstasextern struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1; 159226031Sstasextern struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5; 160226031Sstasextern struct _krb5_encryption_type _krb5_enctype_des3_cbc_none; 161226031Sstasextern struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5; 162226031Sstasextern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5; 163226031Sstasextern struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1; 164226031Sstasextern struct _krb5_encryption_type _krb5_enctype_des_cbc_crc; 165226031Sstasextern struct _krb5_encryption_type _krb5_enctype_des_cbc_md4; 166226031Sstasextern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5; 167226031Sstasextern struct _krb5_encryption_type _krb5_enctype_des_cbc_none; 168226031Sstasextern struct _krb5_encryption_type _krb5_enctype_des_cfb64_none; 169226031Sstasextern struct _krb5_encryption_type _krb5_enctype_des_pcbc_none; 170226031Sstasextern struct _krb5_encryption_type _krb5_enctype_null; 171226031Sstas 172226031Sstasextern struct _krb5_encryption_type *_krb5_etypes[]; 173226031Sstasextern int _krb5_num_etypes; 174226031Sstas 175226031Sstas/* Interface to the EVP crypto layer provided by hcrypto */ 176226031Sstasstruct _krb5_evp_schedule { 177226031Sstas EVP_CIPHER_CTX ectx; 178226031Sstas EVP_CIPHER_CTX dctx; 179226031Sstas}; 180