size_t num_data);
};
-typedef void (*krb5_encrypt_length_func) (const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- size_t inputlen, size_t *length);
-
-typedef krb5_error_code (*krb5_crypt_func) (const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- const krb5_keyblock *key, krb5_keyusage keyusage,
- const krb5_data *ivec,
- const krb5_data *input, krb5_data *output);
-
-typedef krb5_error_code (*krb5_str2key_func) (const struct krb5_enc_provider *enc, const krb5_data *string,
- const krb5_data *salt, const krb5_data *parm, krb5_keyblock *key);
-
-typedef krb5_error_code (*krb5_prf_func)(
- const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- const krb5_keyblock *key,
- const krb5_data *in, krb5_data *out);
-
-struct krb5_keytypes {
- krb5_enctype etype;
- char *in_string;
- char *out_string;
- const struct krb5_enc_provider *enc;
- const struct krb5_hash_provider *hash;
- size_t prf_length;
- krb5_encrypt_length_func encrypt_len;
- krb5_crypt_func encrypt;
- krb5_crypt_func decrypt;
- krb5_str2key_func str2key;
- krb5_prf_func prf;
- krb5_cksumtype required_ctype;
- const struct krb5_aead_provider *aead;
-};
-
-struct krb5_cksumtypes {
- krb5_cksumtype ctype;
- unsigned int flags;
- char *in_string;
- char *out_string;
- /* if the hash is keyed, this is the etype it is keyed with.
- Actually, it can be keyed by any etype which has the same
- enc_provider as the specified etype. DERIVE checksums can
- be keyed with any valid etype. */
- krb5_enctype keyed_etype;
- /* I can't statically initialize a union, so I'm just going to use
- two pointers here. The keyhash is used if non-NULL. If NULL,
- then HMAC/hash with derived keys is used if the relevant flag
- is set. Otherwise, a non-keyed hash is computed. This is all
- kind of messy, but so is the krb5 api. */
- const struct krb5_keyhash_provider *keyhash;
- const struct krb5_hash_provider *hash;
- /* This just gets uglier and uglier. In the key derivation case,
- we produce an hmac. To make the hmac code work, we can't hack
- the output size indicated by the hash provider, but we may want
- a truncated hmac. If we want truncation, this is the number of
- bytes we truncate to; it should be 0 otherwise. */
- unsigned int trunc_size;
-};
-
-#define KRB5_CKSUMFLAG_DERIVE 0x0001
-#define KRB5_CKSUMFLAG_NOT_COLL_PROOF 0x0002
-
/*
* in here to deal with stuff from lib/crypto
*/
const struct krb5_cksumtypes krb5_cksumtypes_list[] = {
{ CKSUMTYPE_CRC32, KRB5_CKSUMFLAG_NOT_COLL_PROOF,
- "crc32", "CRC-32",
+ "crc32", { 0 }, "CRC-32",
0, NULL,
&krb5int_hash_crc32 },
{ CKSUMTYPE_RSA_MD4, 0,
- "md4", "RSA-MD4",
+ "md4", { 0 }, "RSA-MD4",
0, NULL,
&krb5int_hash_md4 },
{ CKSUMTYPE_RSA_MD4_DES, 0,
- "md4-des", "RSA-MD4 with DES cbc mode",
+ "md4-des", { 0 }, "RSA-MD4 with DES cbc mode",
ENCTYPE_DES_CBC_CRC, &krb5int_keyhash_md4des,
NULL },
{ CKSUMTYPE_DESCBC, 0,
- "des-cbc", "DES cbc mode",
+ "des-cbc", { 0 }, "DES cbc mode",
ENCTYPE_DES_CBC_CRC, &krb5int_keyhash_descbc,
NULL },
{ CKSUMTYPE_RSA_MD5, 0,
- "md5", "RSA-MD5",
+ "md5", { 0 }, "RSA-MD5",
0, NULL,
&krb5int_hash_md5 },
{ CKSUMTYPE_RSA_MD5_DES, 0,
- "md5-des", "RSA-MD5 with DES cbc mode",
+ "md5-des", { 0 }, "RSA-MD5 with DES cbc mode",
ENCTYPE_DES_CBC_CRC, &krb5int_keyhash_md5des,
NULL },
{ CKSUMTYPE_NIST_SHA, 0,
- "sha", "NIST-SHA",
+ "sha", { 0 }, "NIST-SHA",
0, NULL,
&krb5int_hash_sha1 },
{ CKSUMTYPE_HMAC_SHA1_DES3, KRB5_CKSUMFLAG_DERIVE,
- "hmac-sha1-des3", "HMAC-SHA1 DES3 key",
+ "hmac-sha1-des3", { "hmac-sha1-des3-kd" }, "HMAC-SHA1 DES3 key",
0, NULL,
&krb5int_hash_sha1 },
- { CKSUMTYPE_HMAC_SHA1_DES3, KRB5_CKSUMFLAG_DERIVE,
- "hmac-sha1-des3-kd", "HMAC-SHA1 DES3 key", /* alias */
- 0, NULL,
- &krb5int_hash_sha1 },
- { CKSUMTYPE_HMAC_MD5_ARCFOUR, 0,
- "hmac-md5-rc4", "Microsoft HMAC MD5 (RC4 key)",
- ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5,
- NULL },
- { CKSUMTYPE_HMAC_MD5_ARCFOUR, 0,
- "hmac-md5-enc", "Microsoft HMAC MD5 (RC4 key)", /*Heimdal alias*/
- ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5,
- NULL },
{ CKSUMTYPE_HMAC_MD5_ARCFOUR, 0,
- "hmac-md5-earcfour", "Microsoft HMAC MD5 (RC4 key)", /* alias*/
+ "hmac-md5-rc4", { "hmac-md5-enc", "hmac-md5-earcfour" },
+ "Microsoft HMAC MD5 (RC4 key)",
ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5,
NULL },
{ CKSUMTYPE_HMAC_SHA1_96_AES128, KRB5_CKSUMFLAG_DERIVE,
- "hmac-sha1-96-aes128", "HMAC-SHA1 AES128 key",
+ "hmac-sha1-96-aes128", { 0 }, "HMAC-SHA1 AES128 key",
0, NULL,
&krb5int_hash_sha1, 12 },
{ CKSUMTYPE_HMAC_SHA1_96_AES256, KRB5_CKSUMFLAG_DERIVE,
- "hmac-sha1-96-aes256", "HMAC-SHA1 AES256 key",
+ "hmac-sha1-96-aes256", { 0 }, "HMAC-SHA1 AES256 key",
0, NULL,
&krb5int_hash_sha1, 12 },
{ CKSUMTYPE_MD5_HMAC_ARCFOUR, 0,
- "md5-hmac-rc4", "Microsoft MD5 HMAC (RC4 key)",
+ "md5-hmac-rc4", { 0 }, "Microsoft MD5 HMAC (RC4 key)",
ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_md5_hmac,
NULL }
};
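Review bot: The entries in `krb5_cksumtypes_list` are still positional initializers, although this change inserts the new `aliases` member between the name and `out_string`. An entry left in the old shape (here, or one added later from an older patch) can still be accepted through brace elision, with every later field shifted by one slot and at best a compiler diagnostic. If the project's C dialect permits it, designated initializers would rule that out, e.g. `{ .ctype = CKSUMTYPE_CRC32, .flags = KRB5_CKSUMFLAG_NOT_COLL_PROOF, .name = "crc32", .out_string = "CRC-32", .hash = &krb5int_hash_crc32 }`; failing that, write the empty alias list as `{ NULL }` rather than `{ 0 }` so it reads as a pointer array. The same applies to `krb5_enctypes_list`, where a shifted field would land in the encrypt/decrypt and string-to-key function-pointer slots.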
#include "k5-int.h"
+struct krb5_cksumtypes {
+ krb5_cksumtype ctype;
+ unsigned int flags;
+ char *name;
+ char *aliases[2];
+ char *out_string;
+ /* if the hash is keyed, this is the etype it is keyed with.
+ Actually, it can be keyed by any etype which has the same
+ enc_provider as the specified etype. DERIVE checksums can
+ be keyed with any valid etype. */
+ krb5_enctype keyed_etype;
+ /* I can't statically initialize a union, so I'm just going to use
+ two pointers here. The keyhash is used if non-NULL. If NULL,
+ then HMAC/hash with derived keys is used if the relevant flag
+ is set. Otherwise, a non-keyed hash is computed. This is all
+ kind of messy, but so is the krb5 api. */
+ const struct krb5_keyhash_provider *keyhash;
+ const struct krb5_hash_provider *hash;
+ /* This just gets uglier and uglier. In the key derivation case,
+ we produce an hmac. To make the hmac code work, we can't hack
+ the output size indicated by the hash provider, but we may want
+ a truncated hmac. If we want truncation, this is the number of
+ bytes we truncate to; it should be 0 otherwise. */
+ unsigned int trunc_size;
+};
+
+#define KRB5_CKSUMFLAG_DERIVE 0x0001
+#define KRB5_CKSUMFLAG_NOT_COLL_PROOF 0x0002
+
extern const struct krb5_cksumtypes krb5_cksumtypes_list[];
extern const unsigned int krb5_cksumtypes_length;
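Review bot: The new `char *aliases[2];` member hard-codes its capacity and does not document how lookups read it. Several table entries fill both slots, so there is no terminating NULL in those rows and the lookup code has to bound its loop by the array size. A third alias cannot be added without resizing the array, and some compilers only warn about an excess initializer, which would silently drop the extra name. I would name the limit and state the convention next to the field, for instance `#define KRB5_MAX_ALIASES 2` (suggested name) and `const char *aliases[KRB5_MAX_ALIASES]; /* unused slots are NULL; lookup stops at the first NULL or at the array end */`, and make `name` a `const char *` as well since both point at string literals. The same member is added to `struct krb5_keytypes` in the etypes header hunk and would benefit from the same comment.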
const struct krb5_keytypes krb5_enctypes_list[] = {
{ ENCTYPE_DES_CBC_CRC,
- "des-cbc-crc", "DES cbc mode with CRC-32",
+ "des-cbc-crc", { 0 }, "DES cbc mode with CRC-32",
&krb5int_enc_des, &krb5int_hash_crc32,
8,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
CKSUMTYPE_RSA_MD5,
NULL /*AEAD*/ },
{ ENCTYPE_DES_CBC_MD4,
- "des-cbc-md4", "DES cbc mode with RSA-MD4",
+ "des-cbc-md4", { 0 }, "DES cbc mode with RSA-MD4",
&krb5int_enc_des, &krb5int_hash_md4,
8,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
CKSUMTYPE_RSA_MD4,
NULL /*AEAD*/ },
{ ENCTYPE_DES_CBC_MD5,
- "des-cbc-md5", "DES cbc mode with RSA-MD5",
+ "des-cbc-md5", { "des" }, "DES cbc mode with RSA-MD5",
&krb5int_enc_des, &krb5int_hash_md5,
8,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
NULL, /*PRF*/
CKSUMTYPE_RSA_MD5,
NULL /*AEAD*/ },
- { ENCTYPE_DES_CBC_MD5,
- "des", "DES cbc mode with RSA-MD5", /* alias */
- &krb5int_enc_des, &krb5int_hash_md5,
- 8,
- krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
- krb5int_des_string_to_key,
- NULL, /*PRF*/
- CKSUMTYPE_RSA_MD5,
- NULL /*AEAD*/ },
-
{ ENCTYPE_DES_CBC_RAW,
- "des-cbc-raw", "DES cbc mode raw",
+ "des-cbc-raw", { 0 }, "DES cbc mode raw",
&krb5int_enc_des, NULL,
8,
krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
0,
&krb5int_aead_raw },
{ ENCTYPE_DES3_CBC_RAW,
- "des3-cbc-raw", "Triple DES cbc mode raw",
+ "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw",
&krb5int_enc_des3, NULL,
8,
krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
&krb5int_aead_raw },
{ ENCTYPE_DES3_CBC_SHA1,
- "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
- &krb5int_enc_des3, &krb5int_hash_sha1,
- 8,
- krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
- krb5int_dk_string_to_key,
- NULL, /*PRF*/
- CKSUMTYPE_HMAC_SHA1_DES3,
- &krb5int_aead_dk },
- { ENCTYPE_DES3_CBC_SHA1, /* alias */
- "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
- &krb5int_enc_des3, &krb5int_hash_sha1,
- 8,
- krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
- krb5int_dk_string_to_key,
- NULL, /*PRF*/
- CKSUMTYPE_HMAC_SHA1_DES3,
- &krb5int_aead_dk },
- { ENCTYPE_DES3_CBC_SHA1, /* alias */
- "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
+ "des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" },
+ "Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
8,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
&krb5int_aead_dk },
{ ENCTYPE_DES_HMAC_SHA1,
- "des-hmac-sha1", "DES with HMAC/sha1",
+ "des-hmac-sha1", { 0 }, "DES with HMAC/sha1",
&krb5int_enc_des, &krb5int_hash_sha1,
8,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
0,
NULL },
{ ENCTYPE_ARCFOUR_HMAC,
- "arcfour-hmac","ArcFour with HMAC/md5", &krb5int_enc_arcfour,
- &krb5int_hash_md5,
- 0,
-krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
- krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
- NULL, /*PRF*/
- CKSUMTYPE_HMAC_MD5_ARCFOUR,
- &krb5int_aead_arcfour },
- { ENCTYPE_ARCFOUR_HMAC, /* alias */
- "rc4-hmac", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
- &krb5int_hash_md5,
- 0,
- krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
- krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
- NULL, /*PRF*/
- CKSUMTYPE_HMAC_MD5_ARCFOUR,
- &krb5int_aead_arcfour },
- { ENCTYPE_ARCFOUR_HMAC, /* alias */
- "arcfour-hmac-md5", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
- &krb5int_hash_md5,
- 0,
- krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
- krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
- NULL, /*PRF*/
- CKSUMTYPE_HMAC_MD5_ARCFOUR,
- &krb5int_aead_arcfour },
- { ENCTYPE_ARCFOUR_HMAC_EXP,
- "arcfour-hmac-exp", "Exportable ArcFour with HMAC/md5",
+ "arcfour-hmac", { "rc4-hmac", "arcfour-hmac-md5" },
+ "ArcFour with HMAC/md5",
&krb5int_enc_arcfour,
&krb5int_hash_md5,
0,
NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR,
&krb5int_aead_arcfour },
- { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
- "rc4-hmac-exp", "Exportable ArcFour with HMAC/md5",
- &krb5int_enc_arcfour,
- &krb5int_hash_md5,
- 0,
- krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
- krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
- NULL, /*PRF*/
- CKSUMTYPE_HMAC_MD5_ARCFOUR,
- &krb5int_aead_arcfour },
- { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
- "arcfour-hmac-md5-exp", "Exportable ArcFour with HMAC/md5",
+ { ENCTYPE_ARCFOUR_HMAC_EXP,
+ "arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" },
+ "Exportable ArcFour with HMAC/md5",
&krb5int_enc_arcfour,
&krb5int_hash_md5,
0,
&krb5int_aead_arcfour },
{ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- "aes128-cts-hmac-sha1-96", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
- &krb5int_enc_aes128, &krb5int_hash_sha1,
- 16,
- krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
- krb5int_aes_string_to_key,
- krb5int_dk_prf,
- CKSUMTYPE_HMAC_SHA1_96_AES128,
- &krb5int_aead_aes },
- { ENCTYPE_AES128_CTS_HMAC_SHA1_96, /* alias */
- "aes128-cts", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
+ "aes128-cts-hmac-sha1-96", { "aes128-cts" },
+ "AES-128 CTS mode with 96-bit SHA-1 HMAC",
&krb5int_enc_aes128, &krb5int_hash_sha1,
16,
krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
CKSUMTYPE_HMAC_SHA1_96_AES128,
&krb5int_aead_aes },
{ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
- "aes256-cts-hmac-sha1-96", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
- &krb5int_enc_aes256, &krb5int_hash_sha1,
- 16,
- krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
- krb5int_aes_string_to_key,
- krb5int_dk_prf,
- CKSUMTYPE_HMAC_SHA1_96_AES256,
- &krb5int_aead_aes },
- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, /* alias */
- "aes256-cts", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
+ "aes256-cts-hmac-sha1-96", { "aes256-cts" },
+ "AES-256 CTS mode with 96-bit SHA-1 HMAC",
&krb5int_enc_aes256, &krb5int_hash_sha1,
16,
krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
#include "k5-int.h"
+typedef void (*krb5_encrypt_length_func) (const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ size_t inputlen, size_t *length);
+
+typedef krb5_error_code (*krb5_crypt_func) (const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key, krb5_keyusage keyusage,
+ const krb5_data *ivec,
+ const krb5_data *input, krb5_data *output);
+
+typedef krb5_error_code (*krb5_str2key_func) (const struct krb5_enc_provider *enc, const krb5_data *string,
+ const krb5_data *salt, const krb5_data *parm, krb5_keyblock *key);
+
+typedef krb5_error_code (*krb5_prf_func)(
+ const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key,
+ const krb5_data *in, krb5_data *out);
+
+struct krb5_keytypes {
+ krb5_enctype etype;
+ char *name;
+ char *aliases[2];
+ char *out_string;
+ const struct krb5_enc_provider *enc;
+ const struct krb5_hash_provider *hash;
+ size_t prf_length;
+ krb5_encrypt_length_func encrypt_len;
+ krb5_crypt_func encrypt;
+ krb5_crypt_func decrypt;
+ krb5_str2key_func str2key;
+ krb5_prf_func prf;
+ krb5_cksumtype required_ctype;
+ const struct krb5_aead_provider *aead;
+};
+
extern const struct krb5_keytypes krb5_enctypes_list[];
extern const int krb5_enctypes_length;
krb5_error_code KRB5_CALLCONV
krb5_string_to_cksumtype(char *string, krb5_cksumtype *cksumtypep)
{
- unsigned int i;
+ unsigned int i, j;
for (i=0; i<krb5_cksumtypes_length; i++) {
- if (strcasecmp(krb5_cksumtypes_list[i].in_string, string) == 0) {
+ if (strcasecmp(krb5_cksumtypes_list[i].name, string) == 0) {
*cksumtypep = krb5_cksumtypes_list[i].ctype;
return(0);
}
+#define MAX_ALIASES (sizeof(krb5_cksumtypes_list[i].aliases) / sizeof(krb5_cksumtypes_list[i].aliases[0]))
+ for (j = 0; j < MAX_ALIASES; j++) {
+ const char *alias = krb5_cksumtypes_list[i].aliases[j];
+ if (alias == NULL)
+ break;
+ if (strcasecmp(alias, string) == 0) {
+ *cksumtypep = krb5_cksumtypes_list[i].ctype;
+ return 0;
+ }
+ }
}
return(EINVAL);
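Review bot: `MAX_ALIASES` is `#define`d inside the body of the outer `for` loop, its expansion depends on the local `i`, and it is never `#undef`ed, so it stays defined for the rest of the translation unit. The `krb5_string_to_enctype` hunk defines the same macro name with a different expansion, and there `j` is an `int` compared against a `size_t` value, a signed/unsigned comparison that `-Wsign-compare` will flag. Taking a pointer to the row and computing the bound from it avoids both problems: `const struct krb5_cksumtypes *ct = &krb5_cksumtypes_list[i];` followed by `for (j = 0; j < sizeof(ct->aliases) / sizeof(ct->aliases[0]); j++)`, with `j` declared unsigned (or `size_t`) in both functions. The function body continues past the end of this hunk.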
krb5_error_code KRB5_CALLCONV
krb5_string_to_enctype(char *string, krb5_enctype *enctypep)
{
- int i;
+ int i, j;
for (i=0; i<krb5_enctypes_length; i++) {
- if (strcasecmp(krb5_enctypes_list[i].in_string, string) == 0) {
+ if (strcasecmp(krb5_enctypes_list[i].name, string) == 0) {
*enctypep = krb5_enctypes_list[i].etype;
- return(0);
+ return 0;
+ }
+#define MAX_ALIASES (sizeof(krb5_enctypes_list[i].aliases) / sizeof(krb5_enctypes_list[i].aliases[0]))
+ for (j = 0; j < MAX_ALIASES; j++) {
+ const char *alias = krb5_enctypes_list[i].aliases[j];
+ if (alias == NULL)
+ break;
+ if (strcasecmp(alias, string) == 0) {
+ *enctypep = krb5_enctypes_list[i].etype;
+ return 0;
+ }
}
}