src/include/krb5/encryption.h

   1 /*
   2  * $Source$
   3  * $Author$
   4  * $Id$
   5  *
   6  * Copyright 1989,1990 by the Massachusetts Institute of Technology.
   7  *
   8  * For copying and distribution information, please see the file
   9  * <krb5/copyright.h>.
  10  *
  11  * Encryption interface-related declarations
  12  */
  13
  14 #include <krb5/copyright.h>
  15
  16 #ifndef KRB5_ENCRYPTION__
  17 #define KRB5_ENCRYPTION__
  18
  19 typedef struct _krb5_keyblock {
  20     krb5_keytype keytype;
  21     int length;
  22     krb5_octet *contents;
  23 } krb5_keyblock;
  24
  25 typedef struct _krb5_checksum {
  26     krb5_cksumtype checksum_type;       /* checksum type */
  27     int length;
  28     krb5_octet *contents;
  29 } krb5_checksum;
  30
  31 typedef struct _krb5_encrypt_block {
  32     struct _krb5_cryptosystem_entry *crypto_entry;
  33     krb5_keyblock *key;
  34     krb5_pointer priv;                  /* for private use, e.g. DES
  35                                            key schedules */
  36 } krb5_encrypt_block;
  37
  38 typedef struct _krb5_enc_data {
  39     krb5_enctype etype;
  40     krb5_kvno kvno;
  41     krb5_data ciphertext;
  42 } krb5_enc_data;
  43
  44 /* could be used in a table to find an etype and initialize a block */
  45 typedef struct _krb5_cryptosystem_entry {
  46     krb5_error_code (*encrypt_func) PROTOTYPE((krb5_const_pointer /* in */,
  47                                                krb5_pointer /* out */,
  48                                                const size_t,
  49                                                krb5_encrypt_block *,
  50                                                krb5_pointer));
  51     krb5_error_code (*decrypt_func) PROTOTYPE((krb5_const_pointer /* in */,
  52                                                krb5_pointer /* out */,
  53                                                const size_t,
  54                                                krb5_encrypt_block *,
  55                                                krb5_pointer));
  56     krb5_error_code (*process_key) PROTOTYPE((krb5_encrypt_block *,
  57                                               const krb5_keyblock *));
  58     krb5_error_code (*finish_key) PROTOTYPE((krb5_encrypt_block *));
  59     krb5_error_code (*string_to_key) PROTOTYPE((const krb5_keytype,
  60                                                 krb5_keyblock *,
  61                                                 const krb5_data *,
  62                                                 krb5_const_principal));
  63     krb5_error_code  (*init_random_key) PROTOTYPE((const krb5_keyblock *,
  64                                                    krb5_pointer *));
  65     krb5_error_code  (*finish_random_key) PROTOTYPE((krb5_pointer *));
  66     krb5_error_code (*random_key) PROTOTYPE((krb5_pointer,
  67                                              krb5_keyblock **));
  68     int block_length;
  69     int pad_minimum;                    /* needed for cksum size computation */
  70     int keysize;
  71     krb5_enctype proto_enctype;         /* encryption type,
  72                                            (assigned protocol number AND
  73                                             table index) */
  74     krb5_keytype proto_keytype;         /* key type,
  75                                            (assigned protocol number AND
  76                                             table index) */
  77 } krb5_cryptosystem_entry;
  78
  79 typedef struct _krb5_cs_table_entry {
  80     krb5_cryptosystem_entry *system;
  81     krb5_pointer random_sequence;       /* from init_random_key() */
  82 } krb5_cs_table_entry;
  83
  84 /* could be used in a table to find a sumtype */
  85 typedef struct _krb5_checksum_entry {
  86     krb5_error_code  (*sum_func) PROTOTYPE ((krb5_pointer /* in */,
  87                                              size_t /* in_length */,
  88                                              krb5_pointer /* key/seed */,
  89                                              size_t /* key/seed size */,
  90                                              krb5_checksum * /* out_cksum */));
  91     int checksum_length;                /* length of stuff returned by
  92                                            sum_func */
  93 } krb5_checksum_entry;
  94
  95 /* per Kerberos v5 protocol spec */
  96 #define KEYTYPE_NULL            0x0000
  97 #define KEYTYPE_DES             0x0001  /* Data Encryption Standard,
  98                                            FIPS 46,81 */
  99 #define KEYTYPE_LUCIFER         0x0002  /* Lucifer */
 100
 101 #define ETYPE_NULL              0x0000
 102 #define ETYPE_DES_CBC_CRC       0x0001  /* DES cbc mode with CRC-32 */
 103 #define ETYPE_LUCIFER_CRC       0x0002
 104
 105 #define CKSUMTYPE_CRC32         0x0001
 106 #define CKSUMTYPE_XXX           0x0002
 107 #define CKSUMTYPE_XEROX         0x0003
 108 #define CKSUMTYPE_DESCBC        0x0004
 109
 110 /* macros to determine if a type is a local type */
 111 #define KEYTYPE_IS_LOCAL(keytype) (keytype & 0x8000)
 112 #define ETYPE_IS_LOCAL(etype) (etype & 0x8000)
 113 #define CKSUMTYPE_IS_LOCAL(cksumtype) (cksumtype & 0x8000)
 114
 115 #ifndef krb5_roundup
 116 /* round x up to nearest multiple of y */
 117 #define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y))
 118 #endif /* roundup */
 119
 120 /* macro function definitions to help clean up code */
 121 #define krb5_encrypt_size(length, crypto) \
 122      krb5_roundup((length)+(crypto)->pad_minimum, (crypto)->block_length)
 123
 124 /* This array is indexed by encryption type */
 125 extern krb5_cs_table_entry *krb5_csarray[];
 126 extern int krb5_max_cryptosystem;               /* max entry in array */
 127
 128 /* This array is indexed by key type, and has (should have) pointers to
 129    the same entries as krb5_csarray */
 130 /* XXX what if a given keytype works for several etypes? */
 131 extern krb5_cs_table_entry *krb5_keytype_array[];
 132 extern int krb5_max_keytype;            /* max entry in array */
 133
 134 /* This array is indexed by checksum type */
 135 extern krb5_checksum_entry *krb5_cksumarray[];
 136 extern int krb5_max_cksum;              /* max entry in array */
 137
 138 #define valid_etype(etype)     ((etype <= krb5_max_cryptosystem) && (etype > 0) && krb5_csarray[etype])
 139
 140 #define valid_keytype(ktype)     ((ktype <= krb5_max_keytype) && (ktype > 0) && krb5_keytype_array[ktype])
 141
 142 #define valid_cksumtype(cktype)     ((cktype <= krb5_max_cksum) && (cktype > 0) && krb5_cksumarray[cktype])
 143
 144
 145 #define krb5_encrypt(inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->encrypt_func)(inptr, outptr, size, eblock, ivec)
 146 #define krb5_decrypt(inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->decrypt_func)(inptr, outptr, size, eblock, ivec)
 147 #define krb5_process_key(eblock, key) (*(eblock)->crypto_entry->process_key)(eblock, key)
 148 #define krb5_finish_key(eblock) (*(eblock)->crypto_entry->finish_key)(eblock)
 149 #define krb5_string_to_key(eblock, keytype, keyblock, data, princ) (*(eblock)->crypto_entry->string_to_key)(keytype, keyblock, data, princ)
 150 #define krb5_init_random_key(eblock, keyblock, ptr) (*(eblock)->crypto_entry->init_random_key)(keyblock, ptr)
 151 #define krb5_finish_random_key(eblock, ptr) (*(eblock)->crypto_entry->finish_random_key)(ptr)
 152 #define krb5_random_key(eblock, ptr, keyblock) (*(eblock)->crypto_entry->random_key)(ptr, keyblock)
 153
 154 #endif /* KRB5_ENCRYPTION__ */