1.\" Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan 2.\" (Royal Institute of Technology, Stockholm, Sweden). 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" 3. Neither the name of the Institute nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" $Id$ 33.\" 34.Dd March 20, 2004 35.Dt KRB5_ENCRYPT 3 36.Os HEIMDAL 37.Sh NAME 38.Nm krb5_crypto_getblocksize , 39.Nm krb5_crypto_getconfoundersize 40.Nm krb5_crypto_getenctype , 41.Nm krb5_crypto_getpadsize , 42.Nm krb5_crypto_overhead , 43.Nm krb5_decrypt , 44.Nm krb5_decrypt_EncryptedData , 45.Nm krb5_decrypt_ivec , 46.Nm krb5_decrypt_ticket , 47.Nm krb5_encrypt , 48.Nm krb5_encrypt_EncryptedData , 49.Nm krb5_encrypt_ivec , 50.Nm krb5_enctype_disable , 51.Nm krb5_enctype_keysize , 52.Nm krb5_enctype_to_string , 53.Nm krb5_enctype_valid , 54.Nm krb5_get_wrapped_length , 55.Nm krb5_string_to_enctype 56.Nd "encrypt and decrypt data, set and get encryption type parameters" 57.Sh LIBRARY 58Kerberos 5 Library (libkrb5, -lkrb5) 59.Sh SYNOPSIS 60.In krb5.h 61.Ft krb5_error_code 62.Fo krb5_encrypt 63.Fa "krb5_context context" 64.Fa "krb5_crypto crypto" 65.Fa "unsigned usage" 66.Fa "void *data" 67.Fa "size_t len" 68.Fa "krb5_data *result" 69.Fc 70.Ft krb5_error_code 71.Fo krb5_encrypt_EncryptedData 72.Fa "krb5_context context" 73.Fa "krb5_crypto crypto" 74.Fa "unsigned usage" 75.Fa "void *data" 76.Fa "size_t len" 77.Fa "int kvno" 78.Fa "EncryptedData *result" 79.Fc 80.Ft krb5_error_code 81.Fo krb5_encrypt_ivec 82.Fa "krb5_context context" 83.Fa "krb5_crypto crypto" 84.Fa "unsigned usage" 85.Fa "void *data" 86.Fa "size_t len" 87.Fa "krb5_data *result" 88.Fa "void *ivec" 89.Fc 90.Ft krb5_error_code 91.Fo krb5_decrypt 92.Fa "krb5_context context" 93.Fa "krb5_crypto crypto" 94.Fa "unsigned usage" 95.Fa "void *data" 96.Fa "size_t len" 97.Fa "krb5_data *result" 98.Fc 99.Ft krb5_error_code 100.Fo krb5_decrypt_EncryptedData 101.Fa "krb5_context context" 102.Fa "krb5_crypto crypto" 103.Fa "unsigned usage" 104.Fa "EncryptedData *e" 105.Fa "krb5_data *result" 106.Fc 107.Ft krb5_error_code 108.Fo krb5_decrypt_ivec 109.Fa "krb5_context context" 110.Fa "krb5_crypto crypto" 111.Fa "unsigned usage" 112.Fa "void *data" 113.Fa "size_t len" 114.Fa "krb5_data *result" 115.Fa "void *ivec" 116.Fc 117.Ft krb5_error_code 118.Fo krb5_decrypt_ticket 119.Fa "krb5_context context" 120.Fa "Ticket *ticket" 121.Fa "krb5_keyblock *key" 122.Fa "EncTicketPart *out" 123.Fa "krb5_flags flags" 124.Fc 125.Ft krb5_error_code 126.Fo krb5_crypto_getblocksize 127.Fa "krb5_context context" 128.Fa "size_t *blocksize" 129.Fc 130.Ft krb5_error_code 131.Fo krb5_crypto_getenctype 132.Fa "krb5_context context" 133.Fa "krb5_crypto crypto" 134.Fa "krb5_enctype *enctype" 135.Fc 136.Ft krb5_error_code 137.Fo krb5_crypto_getpadsize 138.Fa "krb5_context context" 139.Fa size_t *padsize" 140.Fc 141.Ft krb5_error_code 142.Fo krb5_crypto_getconfoundersize 143.Fa "krb5_context context" 144.Fa "krb5_crypto crypto" 145.Fa size_t *confoundersize" 146.Fc 147.Ft krb5_error_code 148.Fo krb5_enctype_keysize 149.Fa "krb5_context context" 150.Fa "krb5_enctype type" 151.Fa "size_t *keysize" 152.Fc 153.Ft krb5_error_code 154.Fo krb5_crypto_overhead 155.Fa "krb5_context context" 156.Fa size_t *padsize" 157.Fc 158.Ft krb5_error_code 159.Fo krb5_string_to_enctype 160.Fa "krb5_context context" 161.Fa "const char *string" 162.Fa "krb5_enctype *etype" 163.Fc 164.Ft krb5_error_code 165.Fo krb5_enctype_to_string 166.Fa "krb5_context context" 167.Fa "krb5_enctype etype" 168.Fa "char **string" 169.Fc 170.Ft krb5_error_code 171.Fo krb5_enctype_valid 172.Fa "krb5_context context" 173.Fa "krb5_enctype etype" 174.Fc 175.Ft void 176.Fo krb5_enctype_disable 177.Fa "krb5_context context" 178.Fa "krb5_enctype etype" 179.Fc 180.Ft size_t 181.Fo krb5_get_wrapped_length 182.Fa "krb5_context context" 183.Fa "krb5_crypto crypto" 184.Fa "size_t data_len" 185.Fc 186.Sh DESCRIPTION 187These functions are used to encrypt and decrypt data. 188.Pp 189.Fn krb5_encrypt_ivec 190puts the encrypted version of 191.Fa data 192(of size 193.Fa len ) 194in 195.Fa result . 196If the encryption type supports using derived keys, 197.Fa usage 198should be the appropriate key-usage. 199.Fa ivec 200is a pointer to a initial IV, it is modified to the end IV at the end of 201the round. 202Ivec should be the size of 203If 204.Dv NULL 205is passed in, the default IV is used. 206.Fn krb5_encrypt 207does the same as 208.Fn krb5_encrypt_ivec 209but with 210.Fa ivec 211being 212.Dv NULL . 213.Fn krb5_encrypt_EncryptedData 214does the same as 215.Fn krb5_encrypt , 216but it puts the encrypted data in a 217.Fa EncryptedData 218structure instead. If 219.Fa kvno 220is not zero, it will be put in the (optional) 221.Fa kvno 222field in the 223.Fa EncryptedData . 224.Pp 225.Fn krb5_decrypt_ivec , 226.Fn krb5_decrypt , 227and 228.Fn krb5_decrypt_EncryptedData 229works similarly. 230.Pp 231.Fn krb5_decrypt_ticket 232decrypts the encrypted part of 233.Fa ticket 234with 235.Fa key . 236.Fn krb5_decrypt_ticket 237also verifies the timestamp in the ticket, invalid flag and if the KDC 238haven't verified the transited path, the transit path. 239.Pp 240.Fn krb5_enctype_keysize , 241.Fn krb5_crypto_getconfoundersize , 242.Fn krb5_crypto_getblocksize , 243.Fn krb5_crypto_getenctype , 244.Fn krb5_crypto_getpadsize , 245.Fn krb5_crypto_overhead 246all returns various (sometimes) useful information from a crypto context. 247.Fn krb5_crypto_overhead 248is the combination of krb5_crypto_getconfoundersize, 249krb5_crypto_getblocksize and krb5_crypto_getpadsize and return the 250maximum overhead size. 251.Pp 252.Fn krb5_enctype_to_string 253converts a encryption type number to a string that can be printable 254and stored. The strings returned should be freed with 255.Xr free 3 . 256.Pp 257.Fn krb5_string_to_enctype 258converts a encryption type strings to a encryption type number that 259can use used for other Kerberos crypto functions. 260.Pp 261.Fn krb5_enctype_valid 262returns 0 if the encrypt is supported and not disabled, otherwise and 263error code is returned. 264.Pp 265.Fn krb5_enctype_disable 266(globally, for all contextes) disables the 267.Fa enctype . 268.Pp 269.Fn krb5_get_wrapped_length 270returns the size of an encrypted packet by 271.Fa crypto 272of length 273.Fa data_len . 274.\" .Sh EXAMPLE 275.\" .Sh BUGS 276.Sh SEE ALSO 277.Xr krb5_create_checksum 3 , 278.Xr krb5_crypto_init 3 279