2 * include/krb5/encryption.h
4 * Copyright 1989,1990,1991 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. M.I.T. makes no representations about the suitability of
20 * this software for any purpose. It is provided "as is" without express
21 * or implied warranty.
24 * Encryption interface-related declarations
28 #ifndef KRB5_ENCRYPTION__
29 #define KRB5_ENCRYPTION__
31 typedef struct _krb5_keyblock {
34 krb5_enctype etype; /* hint of what encryption type to use */
36 krb5_octet FAR *contents;
39 typedef struct _krb5_checksum {
41 krb5_cksumtype checksum_type; /* checksum type */
43 krb5_octet FAR *contents;
46 typedef struct _krb5_encrypt_block {
48 struct _krb5_cryptosystem_entry FAR *crypto_entry;
49 krb5_keyblock FAR *key;
50 krb5_pointer priv; /* for private use, e.g. DES
54 typedef struct _krb5_enc_data {
61 /* could be used in a table to find an etype and initialize a block */
62 typedef struct _krb5_cryptosystem_entry {
64 krb5_error_code (*encrypt_func) NPROTOTYPE(( krb5_const_pointer /* in */,
65 krb5_pointer /* out */,
67 krb5_encrypt_block FAR *,
69 krb5_error_code (*decrypt_func) NPROTOTYPE(( krb5_const_pointer /* in */,
70 krb5_pointer /* out */,
72 krb5_encrypt_block FAR *,
74 krb5_error_code (*process_key) NPROTOTYPE(( krb5_encrypt_block FAR *,
75 const krb5_keyblock FAR *));
76 krb5_error_code (*finish_key) NPROTOTYPE(( krb5_encrypt_block FAR *));
77 krb5_error_code (*string_to_key) NPROTOTYPE((const krb5_encrypt_block FAR *,
80 const krb5_data FAR *,
81 const krb5_data FAR *));
82 krb5_error_code (*init_random_key) NPROTOTYPE((const krb5_keyblock FAR *,
84 krb5_error_code (*finish_random_key) NPROTOTYPE(( krb5_pointer FAR *));
85 krb5_error_code (*random_key) NPROTOTYPE(( const krb5_encrypt_block FAR *,
87 krb5_keyblock FAR * FAR *));
89 int pad_minimum; /* needed for cksum size computation */
91 krb5_enctype proto_enctype; /* encryption type,
92 (assigned protocol number AND
94 krb5_keytype proto_keytype; /* key type,
95 (assigned protocol number AND
97 } krb5_cryptosystem_entry;
99 typedef struct _krb5_cs_table_entry {
101 krb5_cryptosystem_entry FAR *system;
102 krb5_pointer random_sequence; /* from init_random_key() */
103 } krb5_cs_table_entry;
/*
 * Checksum routine signature; could be used in a table to find a sumtype.
 *
 * Arguments, in order: input buffer, input length, key/seed, key/seed size,
 * and the krb5_checksum that receives the result.  Returns a krb5_error_code.
 *
 * NOTE(review): the input pointer is not const-qualified, and nothing in this
 * signature carries the capacity of out_cksum's buffer.  Presumably the caller
 * must provide room for the checksum type's full output -- confirm against
 * the implementations.
 */
typedef krb5_error_code (*SUM_FUNC) NPROTOTYPE ((
    krb5_pointer            /* in */,
    size_t                  /* in_length */,
    krb5_pointer            /* key/seed */,
    size_t                  /* key/seed size */,
    krb5_checksum FAR *     /* out_cksum */));
113 typedef struct _krb5_checksum_entry {
116 int checksum_length; /* length of stuff returned by
118 unsigned int is_collision_proof:1;
119 unsigned int uses_key:1;
120 } krb5_checksum_entry;
/*
 * Key, encryption and checksum type numbers, per the Kerberos v5 protocol
 * spec.
 *
 * NOTE(review): every cipher listed here is single DES (56-bit key), and the
 * checksums are built on CRC-32, MD4 and MD5.  CRC-32 is an error-detection
 * code rather than a cryptographic hash, and MD4/MD5 are not collision
 * resistant.  RFC 6649 deprecates the DES encryption types in Kerberos;
 * treat these values as legacy when auditing which types a deployment
 * still accepts.
 */

/* key types */
#define KEYTYPE_NULL            0x0000
#define KEYTYPE_DES             0x0001  /* Data Encryption Standard */

/* encryption types */
#define ETYPE_NULL              0x0000
#define ETYPE_DES_CBC_CRC       0x0001  /* DES cbc mode with CRC-32 */
#define ETYPE_DES_CBC_MD4       0x0002  /* DES cbc mode with RSA-MD4 */
#define ETYPE_DES_CBC_MD5       0x0003  /* DES cbc mode with RSA-MD5 */
#define ETYPE_RAW_DES_CBC       0x0004  /* Raw DES cbc mode */

#define ETYPE_UNKNOWN           0x1FF   /* Reserved local value */

/* checksum types */
#define CKSUMTYPE_CRC32         0x0001
#define CKSUMTYPE_RSA_MD4       0x0002
#define CKSUMTYPE_RSA_MD4_DES   0x0003
#define CKSUMTYPE_DESCBC        0x0004
#define CKSUMTYPE_RSA_MD5       0x0007
#define CKSUMTYPE_RSA_MD5_DES   0x0008
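/*
 * Macros to determine if a type is a local type: each yields a nonzero
 * value when bit 0x8000 of the type number is set, and 0 otherwise.
 *
 * The argument is parenthesized so that an expression argument such as
 * `a | b` is masked as a whole; unparenthesized, `&` would bind only to
 * the right-hand operand and the test could report a non-local type as
 * local.
 *
 * NOTE(review): ETYPE_UNKNOWN (0x1FF) is commented as a reserved local value
 * but does not have bit 0x8000 set, so ETYPE_IS_LOCAL() is false for it.
 */
#define KEYTYPE_IS_LOCAL(keytype)       ((keytype) & 0x8000)
#define ETYPE_IS_LOCAL(etype)           ((etype) & 0x8000)
#define CKSUMTYPE_IS_LOCAL(cksumtype)   ((cksumtype) & 0x8000)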
/*
 * krb5_roundup(x, y): round x up to the nearest multiple of y.
 *
 * Both arguments are evaluated more than once, so pass expressions without
 * side effects.  y must be nonzero, and the macro performs no overflow
 * check on x + y - 1.
 */
#define krb5_roundup(x, y) (((x) + (y) - 1) / (y) * (y))

/*
 * krb5_encrypt_size(length, crypto): length plus the cryptosystem's
 * pad_minimum, rounded up to a whole number of block_length units.
 *
 * NOTE(review): presumably used to size ciphertext buffers.  The addition and
 * the rounding can wrap for very large lengths, so a length that comes from
 * untrusted input should be range-checked by the caller -- confirm at the
 * call sites.
 */
#define krb5_encrypt_size(length, crypto) \
    krb5_roundup((length) + (crypto)->pad_minimum, (crypto)->block_length)
/*
 * Lookup tables and their bounds.  Each krb5_max_* variable is the highest
 * index of its table; the valid_*() macros accept an index equal to it.
 */

/* Cryptosystem table, indexed by encryption type. */
extern krb5_cs_table_entry * NEAR krb5_csarray[];
extern int krb5_max_cryptosystem;       /* max entry in krb5_csarray */

/*
 * Cryptosystem table, indexed by key type; has (should have) pointers to
 * the same entries as krb5_csarray.
 * XXX what if a given keytype works for several etypes?
 */
extern krb5_cs_table_entry * NEAR krb5_keytype_array[];
extern int krb5_max_keytype;            /* max entry in krb5_keytype_array */

/* Checksum table, indexed by checksum type. */
extern krb5_checksum_entry * NEAR krb5_cksumarray[];
extern int krb5_max_cksum;              /* max entry in krb5_cksumarray */
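/*
 * valid_etype / valid_keytype / valid_cksumtype: true (1) when the type
 * number is greater than zero, no larger than the table's max index, and
 * the table slot is non-NULL; false (0) otherwise.
 *
 * These are the only bounds checks in this header: every other macro that
 * indexes krb5_csarray, krb5_keytype_array or krb5_cksumarray does so
 * unchecked.  Type numbers are protocol-assigned, so a value that may have
 * come from a received message should pass the matching check before it is
 * used as an index.
 *
 * Both range comparisons use the same (int) conversion of the argument.
 * Comparing the unconverted value against 0 would let an unsigned value
 * that converts to a negative int pass both comparisons and then index far
 * outside the table.
 * NOTE(review): assumes the type-number typedefs are no wider than int --
 * confirm against their definitions.
 *
 * The argument is evaluated more than once; pass an expression without
 * side effects.
 */
#define valid_etype(etype) \
    ((((int) (etype)) > 0) && \
     (((int) (etype)) <= krb5_max_cryptosystem) && \
     (krb5_csarray[(etype)] != 0))

#define valid_keytype(ktype) \
    ((((int) (ktype)) > 0) && \
     (((int) (ktype)) <= krb5_max_keytype) && \
     (krb5_keytype_array[(ktype)] != 0))

#define valid_cksumtype(cktype) \
    ((((int) (cktype)) > 0) && \
     (((int) (cktype)) <= krb5_max_cksum) && \
     (krb5_cksumarray[(cktype)] != 0))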
/*
 * Property lookups on a checksum type: read the is_collision_proof and
 * uses_key flag bits of the krb5_cksumarray entry for cktype.
 *
 * Neither macro checks the index or the slot pointer, so cktype must
 * already have passed valid_cksumtype(); otherwise the expansion reads
 * outside the table or dereferences a NULL entry.
 */
#define is_coll_proof_cksum(cktype) \
    (krb5_cksumarray[(cktype)]->is_collision_proof)
#define is_keyed_cksum(cktype) \
    (krb5_cksumarray[(cktype)]->uses_key)
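/*
 * krb5_use_cstype / krb5_use_keytype: set up *eblockp to use the
 * cryptosystem registered for etype (or keytype) by storing that table
 * entry's `system` pointer in eblockp->crypto_entry.  The context argument
 * is not used by the expansion.
 *
 * The whole assignment is parenthesized so the macro behaves as a single
 * expression wherever it is written; unparenthesized, an operator next to
 * the macro call would bind to part of the assignment instead.
 *
 * The table slot is dereferenced without any check: call valid_etype() /
 * valid_keytype() first, which confirm the index is in range and the slot
 * is non-NULL.
 */
#define krb5_use_cstype(context, eblockp, etype) \
    ((eblockp)->crypto_entry = krb5_csarray[(etype)]->system)

#define krb5_use_keytype(context, eblockp, keytype) \
    ((eblockp)->crypto_entry = krb5_keytype_array[(keytype)]->system)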
/*
 * Cryptosystem dispatch macros.  Each one calls through (or reads from) the
 * krb5_cryptosystem_entry that eblock->crypto_entry points to; the context
 * argument is accepted but not used by the expansion.
 *
 * No macro here checks eblock, crypto_entry or the function pointer for
 * NULL, so the encrypt block must have been set up first (see
 * krb5_use_cstype / krb5_use_keytype).
 *
 * NOTE(review): krb5_encrypt / krb5_decrypt pass only one size alongside the
 * in and out pointers; presumably the caller sizes the output buffer with
 * krb5_encrypt_size() -- confirm against the cryptosystem implementations.
 */
#define krb5_encrypt(context, inptr, outptr, size, eblock, ivec) \
    ((eblock)->crypto_entry->encrypt_func((inptr), (outptr), (size), (eblock), (ivec)))
#define krb5_decrypt(context, inptr, outptr, size, eblock, ivec) \
    ((eblock)->crypto_entry->decrypt_func((inptr), (outptr), (size), (eblock), (ivec)))

/* Key schedule setup and teardown for an encrypt block. */
#define krb5_process_key(context, eblock, key) \
    ((eblock)->crypto_entry->process_key((eblock), (key)))
#define krb5_finish_key(context, eblock) \
    ((eblock)->crypto_entry->finish_key((eblock)))

#define krb5_string_to_key(context, eblock, keytype, keyblock, data, princ) \
    ((eblock)->crypto_entry->string_to_key((eblock), (keytype), (keyblock), (data), (princ)))

/*
 * Random-key helpers.  For the init/finish pair, eblock only selects the
 * cryptosystem; it is not passed to the underlying function.
 */
#define krb5_init_random_key(context, eblock, keyblock, ptr) \
    ((eblock)->crypto_entry->init_random_key((keyblock), (ptr)))
#define krb5_finish_random_key(context, eblock, ptr) \
    ((eblock)->crypto_entry->finish_random_key((ptr)))
#define krb5_random_key(context, eblock, ptr, keyblock) \
    ((eblock)->crypto_entry->random_key((eblock), (ptr), (keyblock)))

/* Protocol key type / encryption type of the block's cryptosystem. */
#define krb5_eblock_keytype(context, eblockp) \
    ((eblockp)->crypto_entry->proto_keytype)
#define krb5_eblock_enctype(context, eblockp) \
    ((eblockp)->crypto_entry->proto_enctype)
/*
 * Here's the stuff for the checksum switch:
 *
 * krb5_checksum_size reads the checksum_length of the krb5_cksumarray entry
 * for ctype; krb5_calculate_checksum calls that entry's sum_func.  The
 * context argument is not used by either expansion.
 *
 * ctype is used as an index with no bounds or NULL check, so it must
 * already have passed valid_cksumtype().
 */
#define krb5_checksum_size(context, ctype) \
    (krb5_cksumarray[(ctype)]->checksum_length)
#define krb5_calculate_checksum(context, ctype, in, in_length, seed, seed_length, outcksum) \
    (krb5_cksumarray[(ctype)]->sum_func((in), (in_length), (seed), (seed_length), (outcksum)))
204 #endif /* KRB5_ENCRYPTION__ */