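/*-
 * Copyright (c) 2008 Isilon Inc http://www.isilon.com/
 * Authors: Doug Rabson <dfr@rabson.org>
 * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: stable/11/sys/kgssapi/krb5/kcrypto.h 351358 2019-08-21 22:42:08Z jhb $
 */

/*
 * Kernel-side Kerberos 5 crypto abstraction: encryption-type numbers,
 * key-usage numbers, the per-enctype method table and thin dispatch
 * wrappers around it.
 *
 * The guard makes a second inclusion harmless; without it the struct
 * definitions and inline functions below would be redefined.
 */
#ifndef _KGSSAPI_KRB5_KCRYPTO_H_
#define _KGSSAPI_KRB5_KCRYPTO_H_

#include <sys/_iovec.h>

/*
 * Declared at file scope so that every prototype below refers to the same
 * 'struct mbuf'.  If the tag were first seen inside a parameter list it
 * would have prototype scope only and each use would name a distinct type.
 */
struct mbuf;

/*
 * Kerberos encryption type (etype) numbers.
 *
 * Security note: the single-DES types and the export-strength RC4 type are
 * deprecated by RFC 6649, and the triple-DES and RC4-HMAC types by RFC 8429.
 * Of the types listed here only the AES ones are not deprecated; the others
 * remain defined for interoperability with existing peers.
 */
#define	ETYPE_NULL			0
#define	ETYPE_DES_CBC_CRC		1
#define	ETYPE_DES_CBC_MD4		2
#define	ETYPE_DES_CBC_MD5		3
#define	ETYPE_DES3_CBC_MD5		5
#define	ETYPE_OLD_DES3_CBC_SHA1		7
#define	ETYPE_DES3_CBC_SHA1		16
#define	ETYPE_AES128_CTS_HMAC_SHA1_96	17
#define	ETYPE_AES256_CTS_HMAC_SHA1_96	18
#define	ETYPE_ARCFOUR_HMAC_MD5		23
#define	ETYPE_ARCFOUR_HMAC_MD5_56	24

/*
 * Key usages for des3-cbc-sha1 tokens
 *
 * These values numerically overlap the RFC4121 set below (22, 23, 24) but
 * carry different meanings; which set applies depends on the token format.
 */
#define	KG_USAGE_SEAL			22
#define	KG_USAGE_SIGN			23
#define	KG_USAGE_SEQ			24

/*
 * Key usages for RFC4121 tokens
 *
 * Acceptor and initiator use distinct usage numbers, so the two directions
 * of a context do not share a usage value.
 */
#define	KG_USAGE_ACCEPTOR_SEAL		22
#define	KG_USAGE_ACCEPTOR_SIGN		23
#define	KG_USAGE_INITIATOR_SEAL		24
#define	KG_USAGE_INITIATOR_SIGN		25

struct krb5_key_state;

/*
 * Method signatures implemented by each encryption class.
 *
 * Every method returns void, so none of them can report a failure to its
 * caller.  In particular a decrypt call does not signal an integrity
 * failure; the caller has to obtain a checksum and compare it itself.
 */
typedef void init_func(struct krb5_key_state *ks);
typedef void destroy_func(struct krb5_key_state *ks);
typedef void set_key_func(struct krb5_key_state *ks, const void *in);
typedef void random_to_key_func(struct krb5_key_state *ks, const void *in);
/* Operates in place on 'inout'; 'ivec' is non-const and may be written. */
typedef void encrypt_func(const struct krb5_key_state *ks,
    struct mbuf *inout, size_t skip, size_t len, void *ivec, size_t ivlen);
/*
 * NOTE(review): presumably checksums 'inlen' bytes at offset 'skip' and
 * stores 'outlen' bytes of result in the same mbuf chain -- confirm against
 * an implementation.
 */
typedef void checksum_func(const struct krb5_key_state *ks, int usage,
    struct mbuf *inout, size_t skip, size_t inlen, size_t outlen);

/*
 * Description and method table of one encryption type.
 */
struct krb5_encryption_class {
	const char	*ec_name;
	int		ec_type;	/* presumably an ETYPE_* value; verify */
	int		ec_flags;	/* bit mask, see EC_DERIVED_KEYS */
#define	EC_DERIVED_KEYS		1
	size_t		ec_blocklen;
	size_t		ec_msgblocklen;
	size_t		ec_checksumlen;
	size_t		ec_keybits;	/* key length in bits */
	size_t		ec_keylen;	/* size of key in memory */
	init_func	*ec_init;
	destroy_func	*ec_destroy;
	set_key_func	*ec_set_key;
	random_to_key_func *ec_random_to_key;
	encrypt_func	*ec_encrypt;
	encrypt_func	*ec_decrypt;	/* same signature as ec_encrypt */
	checksum_func	*ec_checksum;
};

/*
 * One key instance bound to its encryption class.
 */
struct krb5_key_state {
	const struct krb5_encryption_class *ks_class;
	/*
	 * NOTE(review): looks like a reference count.  'volatile' alone does
	 * not make updates atomic; confirm that the implementation modifies
	 * this field with atomic operations or under a lock.
	 */
	volatile u_int	ks_refs;
	void		*ks_key;	/* key material; size not recorded here */
	void		*ks_priv;	/* class-private state */
};

extern struct krb5_encryption_class krb5_des_encryption_class;
extern struct krb5_encryption_class krb5_des3_encryption_class;
extern struct krb5_encryption_class krb5_aes128_encryption_class;
extern struct krb5_encryption_class krb5_aes256_encryption_class;
extern struct krb5_encryption_class krb5_arcfour_encryption_class;
extern struct krb5_encryption_class krb5_arcfour_56_encryption_class;
/*
 * NOTE(review): purpose is not visible in this header; the name suggests a
 * rate limit for warnings -- see the definition.
 */
extern struct timeval krb5_warn_interval;

/*
 * The wrappers below dispatch through ks->ks_class without checking 'ks',
 * 'ks_class' or the method pointer for NULL.  Callers must pass a key state
 * whose class has the corresponding method set.
 */

/* Install 'keydata' as the key; its length is not passed here. */
static __inline void
krb5_set_key(struct krb5_key_state *ks, const void *keydata)
{

	ks->ks_class->ec_set_key(ks, keydata);
}

/* Hand 'keydata' to the class's random-to-key method. */
static __inline void
krb5_random_to_key(struct krb5_key_state *ks, const void *keydata)
{

	ks->ks_class->ec_random_to_key(ks, keydata);
}

/* Call the class's encrypt method on 'inout' with the given range and IV. */
static __inline void
krb5_encrypt(const struct krb5_key_state *ks, struct mbuf *inout,
    size_t skip, size_t len, void *ivec, size_t ivlen)
{

	ks->ks_class->ec_encrypt(ks, inout, skip, len, ivec, ivlen);
}

/*
 * Call the class's decrypt method on 'inout' with the given range and IV.
 * Returns nothing: authenticity of the result has to be established
 * separately by the caller.
 */
static __inline void
krb5_decrypt(const struct krb5_key_state *ks, struct mbuf *inout,
    size_t skip, size_t len, void *ivec, size_t ivlen)
{

	ks->ks_class->ec_decrypt(ks, inout, skip, len, ivec, ivlen);
}

/*
 * Call the class's checksum method for key usage 'usage'.  No verdict is
 * returned; a caller verifying a received checksum does the comparison
 * itself.
 */
static __inline void
krb5_checksum(const struct krb5_key_state *ks, int usage,
    struct mbuf *inout, size_t skip, size_t inlen, size_t outlen)
{

	ks->ks_class->ec_checksum(ks, usage, inout, skip, inlen, outlen);
}

/*
 * Implemented outside this header.
 * NOTE(review): confirm that krb5_free_key() clears the ks_key material
 * before releasing it, and what krb5_find_encryption_class() returns for an
 * etype it does not know.
 */
extern struct krb5_encryption_class *
	krb5_find_encryption_class(int etype);
extern struct krb5_key_state *
	krb5_create_key(const struct krb5_encryption_class *ec);
extern void krb5_free_key(struct krb5_key_state *ks);
extern struct krb5_key_state *
	krb5_derive_key(struct krb5_key_state *inkey,
	    void *constant, size_t constantlen);
extern struct krb5_key_state *
	krb5_get_encryption_key(struct krb5_key_state *basekey, int usage);
extern struct krb5_key_state *
	krb5_get_integrity_key(struct krb5_key_state *basekey, int usage);
extern struct krb5_key_state *
	krb5_get_checksum_key(struct krb5_key_state *basekey, int usage);

#endif /* !_KGSSAPI_KRB5_KCRYPTO_H_ */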