crypto.h
1 /* 2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #ifndef HEIMDAL_SMALLER 35 #define DES3_OLD_ENCTYPE 1 36 #endif 37 38 struct _krb5_key_data { 39 krb5_keyblock *key; 40 krb5_data *schedule; 41 }; 42 43 struct _krb5_key_usage; 44 45 /* 46 * Locking rules for krb5_crypto are the following: 47 * 48 * all data are immutable once the lock is dropped 49 * 50 * When adding a setting up a new usage or keydata or the assosiated 51 * schedule the lock must be held, after the data is initialized, it 52 * can be assumed to be valid until krb5_crypto_destroy() 53 * 54 * Changing the values of keys are thus not allowed after 55 * krb5_crypto_init() have completed. 56 */ 57 58 struct krb5_crypto_data { 59 struct _krb5_encryption_type *et; 60 struct _krb5_key_data key; 61 int num_key_usage; 62 struct _krb5_key_usage **key_usage; 63 HEIMDAL_MUTEX mutex; 64 }; 65 66 #define CRYPTO_ETYPE(C) ((C)->et->type) 67 68 /* bits for `flags' below */ 69 #define F_KEYED 1 /* checksum is keyed */ 70 #define F_CPROOF 2 /* checksum is collision proof */ 71 #define F_DERIVED 4 /* uses derived keys */ 72 #define F_VARIANT 8 /* uses `variant' keys (6.4.3) */ 73 #define F_PSEUDO 16 /* not a real protocol type */ 74 #define F_SPECIAL 32 /* backwards */ 75 #define F_DISABLED 64 /* enctype/checksum disabled */ 76 #define F_WEAK 128 /* enctype is weak */ 77 #define F_WARNING 256 /* enctype is considered weak, warn user for now */ 78 79 struct salt_type { 80 krb5_salttype type; 81 const char *name; 82 krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, 83 krb5_salt, krb5_data, krb5_keyblock*); 84 }; 85 86 struct _krb5_key_type { 87 krb5_enctype type; 88 const char *name; 89 size_t bits; 90 size_t size; 91 size_t schedule_size; 92 void (*random_key)(krb5_context, krb5_keyblock*); 93 void (*schedule)(krb5_context, struct _krb5_key_type *, struct _krb5_key_data *); 94 struct salt_type *string_to_key; 95 void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); 96 void (*cleanup)(krb5_context, struct _krb5_key_data *); 97 const EVP_CIPHER *(*evp)(void); 98 }; 99 100 struct _krb5_checksum_type { 101 krb5_cksumtype type; 102 const char *name; 103 size_t blocksize; 104 size_t checksumsize; 105 unsigned flags; 106 krb5_error_code (*checksum)(krb5_context context, 107 struct _krb5_key_data *key, 108 const void *buf, size_t len, 109 unsigned usage, 110 Checksum *csum); 111 krb5_error_code (*verify)(krb5_context context, 112 struct _krb5_key_data *key, 113 const void *buf, size_t len, 114 unsigned usage, 115 Checksum *csum); 116 }; 117 118 struct _krb5_encryption_type { 119 krb5_enctype type; 120 const char *name; 121 size_t blocksize; 122 size_t padsize; 123 size_t confoundersize; 124 struct _krb5_key_type *keytype; 125 struct _krb5_checksum_type *checksum; 126 struct _krb5_checksum_type *keyed_checksum; 127 unsigned flags; 128 krb5_error_code (*encrypt)(krb5_context context, 129 struct _krb5_key_data *key, 130 void *data, size_t len, 131 krb5_boolean encryptp, 132 int usage, 133 void *ivec); 134 size_t prf_length; 135 krb5_error_code (*prf)(krb5_context, 136 krb5_crypto, const krb5_data *, krb5_data *); 137 }; 138 139 #define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA) 140 #define INTEGRITY_USAGE(U) (((U) << 8) | 0x55) 141 #define CHECKSUM_USAGE(U) (((U) << 8) | 0x99) 142 143 /* Checksums */ 144 145 extern struct _krb5_checksum_type _krb5_checksum_none; 146 extern struct _krb5_checksum_type _krb5_checksum_crc32; 147 extern struct _krb5_checksum_type _krb5_checksum_rsa_md4; 148 extern struct _krb5_checksum_type _krb5_checksum_rsa_md4_des; 149 extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des; 150 extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3; 151 extern struct _krb5_checksum_type _krb5_checksum_rsa_md5; 152 extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3; 153 extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128; 154 extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256; 155 extern struct _krb5_checksum_type _krb5_checksum_hmac_md5; 156 extern struct _krb5_checksum_type _krb5_checksum_sha1; 157 158 extern struct _krb5_checksum_type *_krb5_checksum_types[]; 159 extern int _krb5_num_checksums; 160 161 /* Salts */ 162 163 extern struct salt_type _krb5_AES_salt[]; 164 extern struct salt_type _krb5_arcfour_salt[]; 165 extern struct salt_type _krb5_des_salt[]; 166 extern struct salt_type _krb5_des3_salt[]; 167 extern struct salt_type _krb5_des3_salt_derived[]; 168 169 /* Encryption types */ 170 171 extern struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1; 172 extern struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1; 173 extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1; 174 extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5; 175 extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_none; 176 extern struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5; 177 extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5; 178 extern struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1; 179 extern struct _krb5_encryption_type _krb5_enctype_des_cbc_crc; 180 extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md4; 181 extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5; 182 extern struct _krb5_encryption_type _krb5_enctype_des_cbc_none; 183 extern struct _krb5_encryption_type _krb5_enctype_des_cfb64_none; 184 extern struct _krb5_encryption_type _krb5_enctype_des_pcbc_none; 185 extern struct _krb5_encryption_type _krb5_enctype_null; 186 187 extern struct _krb5_encryption_type *_krb5_etypes[]; 188 extern int _krb5_num_etypes; 189 190 /* Interface to the EVP crypto layer provided by hcrypto */ 191 struct _krb5_evp_schedule { 192 EVP_CIPHER_CTX ectx; 193 EVP_CIPHER_CTX dctx; 194 }; 195 196 struct _krb5_etypes_deprected { 197 krb5_enctype type; 198 const char *name; 199 }; 200 201 extern struct _krb5_etypes_deprected _krb5_deprecated_etypes[]; 202 extern int _krb5_num_deprecated_etypes;