1/*- 2 * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ 3 * Authors: Doug Rabson <dfr@rabson.org> 4 * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 * 27 * $FreeBSD$ 28 */ 29 30#include <sys/_iovec.h> 31 32#define ETYPE_NULL 0 33#define ETYPE_DES_CBC_CRC 1 34#define ETYPE_DES_CBC_MD4 2 35#define ETYPE_DES_CBC_MD5 3 36#define ETYPE_DES3_CBC_MD5 5 37#define ETYPE_OLD_DES3_CBC_SHA1 7 38#define ETYPE_DES3_CBC_SHA1 16 39#define ETYPE_AES128_CTS_HMAC_SHA1_96 17 40#define ETYPE_AES256_CTS_HMAC_SHA1_96 18 41#define ETYPE_ARCFOUR_HMAC_MD5 23 42#define ETYPE_ARCFOUR_HMAC_MD5_56 24 43 44/* 45 * Key usages for des3-cbc-sha1 tokens 46 */ 47#define KG_USAGE_SEAL 22 48#define KG_USAGE_SIGN 23 49#define KG_USAGE_SEQ 24 50 51/* 52 * Key usages for RFC4121 tokens 53 */ 54#define KG_USAGE_ACCEPTOR_SEAL 22 55#define KG_USAGE_ACCEPTOR_SIGN 23 56#define KG_USAGE_INITIATOR_SEAL 24 57#define KG_USAGE_INITIATOR_SIGN 25 58 59struct krb5_key_state; 60 61typedef void init_func(struct krb5_key_state *ks); 62typedef void destroy_func(struct krb5_key_state *ks); 63typedef void set_key_func(struct krb5_key_state *ks, const void *in); 64typedef void random_to_key_func(struct krb5_key_state *ks, const void *in); 65typedef void encrypt_func(const struct krb5_key_state *ks, 66 struct mbuf *inout, size_t skip, size_t len, void *ivec, size_t ivlen); 67typedef void checksum_func(const struct krb5_key_state *ks, int usage, 68 struct mbuf *inout, size_t skip, size_t inlen, size_t outlen); 69 70struct krb5_encryption_class { 71 const char *ec_name; 72 int ec_type; 73 int ec_flags; 74#define EC_DERIVED_KEYS 1 75 size_t ec_blocklen; 76 size_t ec_msgblocklen; 77 size_t ec_checksumlen; 78 size_t ec_keybits; /* key length in bits */ 79 size_t ec_keylen; /* size of key in memory */ 80 init_func *ec_init; 81 destroy_func *ec_destroy; 82 set_key_func *ec_set_key; 83 random_to_key_func *ec_random_to_key; 84 encrypt_func *ec_encrypt; 85 encrypt_func *ec_decrypt; 86 checksum_func *ec_checksum; 87}; 88 89struct krb5_key_state { 90 const struct krb5_encryption_class *ks_class; 91 volatile u_int ks_refs; 92 void *ks_key; 93 void *ks_priv; 94}; 95 96extern struct krb5_encryption_class krb5_des_encryption_class; 97extern struct krb5_encryption_class krb5_des3_encryption_class; 98extern struct krb5_encryption_class krb5_aes128_encryption_class; 99extern struct krb5_encryption_class krb5_aes256_encryption_class; 100extern struct krb5_encryption_class krb5_arcfour_encryption_class; 101extern struct krb5_encryption_class krb5_arcfour_56_encryption_class; 102 103static __inline void 104krb5_set_key(struct krb5_key_state *ks, const void *keydata) 105{ 106 107 ks->ks_class->ec_set_key(ks, keydata); 108} 109 110static __inline void 111krb5_random_to_key(struct krb5_key_state *ks, const void *keydata) 112{ 113 114 ks->ks_class->ec_random_to_key(ks, keydata); 115} 116 117static __inline void 118krb5_encrypt(const struct krb5_key_state *ks, struct mbuf *inout, 119 size_t skip, size_t len, void *ivec, size_t ivlen) 120{ 121 122 ks->ks_class->ec_encrypt(ks, inout, skip, len, ivec, ivlen); 123} 124 125static __inline void 126krb5_decrypt(const struct krb5_key_state *ks, struct mbuf *inout, 127 size_t skip, size_t len, void *ivec, size_t ivlen) 128{ 129 130 ks->ks_class->ec_decrypt(ks, inout, skip, len, ivec, ivlen); 131} 132 133static __inline void 134krb5_checksum(const struct krb5_key_state *ks, int usage, 135 struct mbuf *inout, size_t skip, size_t inlen, size_t outlen) 136{ 137 138 ks->ks_class->ec_checksum(ks, usage, inout, skip, inlen, outlen); 139} 140 141extern struct krb5_encryption_class * 142 krb5_find_encryption_class(int etype); 143extern struct krb5_key_state * 144 krb5_create_key(const struct krb5_encryption_class *ec); 145extern void krb5_free_key(struct krb5_key_state *ks); 146extern struct krb5_key_state * 147 krb5_derive_key(struct krb5_key_state *inkey, 148 void *constant, size_t constantlen); 149extern struct krb5_key_state * 150 krb5_get_encryption_key(struct krb5_key_state *basekey, int usage); 151extern struct krb5_key_state * 152 krb5_get_integrity_key(struct krb5_key_state *basekey, int usage); 153extern struct krb5_key_state * 154 krb5_get_checksum_key(struct krb5_key_state *basekey, int usage); 155