xref: /freebsd/crypto/heimdal/lib/krb5/krb5_encrypt.3 (revision 43a5ec4eb41567cc92586503212743d89686d78f)
1.\" Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan
2.\" (Royal Institute of Technology, Stockholm, Sweden).
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\"
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\"
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\"
16.\" 3. Neither the name of the Institute nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" $Id$
33.\"
34.Dd March 20, 2004
35.Dt KRB5_ENCRYPT 3
36.Os HEIMDAL
37.Sh NAME
38.Nm krb5_crypto_getblocksize ,
39.Nm krb5_crypto_getconfoundersize
40.Nm krb5_crypto_getenctype ,
41.Nm krb5_crypto_getpadsize ,
42.Nm krb5_crypto_overhead ,
43.Nm krb5_decrypt ,
44.Nm krb5_decrypt_EncryptedData ,
45.Nm krb5_decrypt_ivec ,
46.Nm krb5_decrypt_ticket ,
47.Nm krb5_encrypt ,
48.Nm krb5_encrypt_EncryptedData ,
49.Nm krb5_encrypt_ivec ,
50.Nm krb5_enctype_disable ,
51.Nm krb5_enctype_keysize ,
52.Nm krb5_enctype_to_string ,
53.Nm krb5_enctype_valid ,
54.Nm krb5_get_wrapped_length ,
55.Nm krb5_string_to_enctype
56.Nd "encrypt and decrypt data, set and get encryption type parameters"
57.Sh LIBRARY
58Kerberos 5 Library (libkrb5, -lkrb5)
59.Sh SYNOPSIS
60.In krb5.h
61.Ft krb5_error_code
62.Fo krb5_encrypt
63.Fa "krb5_context context"
64.Fa "krb5_crypto crypto"
65.Fa "unsigned usage"
66.Fa "void *data"
67.Fa "size_t len"
68.Fa "krb5_data *result"
69.Fc
70.Ft krb5_error_code
71.Fo krb5_encrypt_EncryptedData
72.Fa "krb5_context context"
73.Fa "krb5_crypto crypto"
74.Fa "unsigned usage"
75.Fa "void *data"
76.Fa "size_t len"
77.Fa "int kvno"
78.Fa "EncryptedData *result"
79.Fc
80.Ft krb5_error_code
81.Fo krb5_encrypt_ivec
82.Fa "krb5_context context"
83.Fa "krb5_crypto crypto"
84.Fa "unsigned usage"
85.Fa "void *data"
86.Fa "size_t len"
87.Fa "krb5_data *result"
88.Fa "void *ivec"
89.Fc
90.Ft krb5_error_code
91.Fo krb5_decrypt
92.Fa "krb5_context context"
93.Fa "krb5_crypto crypto"
94.Fa "unsigned usage"
95.Fa "void *data"
96.Fa "size_t len"
97.Fa "krb5_data *result"
98.Fc
99.Ft krb5_error_code
100.Fo krb5_decrypt_EncryptedData
101.Fa "krb5_context context"
102.Fa "krb5_crypto crypto"
103.Fa "unsigned usage"
104.Fa "EncryptedData *e"
105.Fa "krb5_data *result"
106.Fc
107.Ft krb5_error_code
108.Fo krb5_decrypt_ivec
109.Fa "krb5_context context"
110.Fa "krb5_crypto crypto"
111.Fa "unsigned usage"
112.Fa "void *data"
113.Fa "size_t len"
114.Fa "krb5_data *result"
115.Fa "void *ivec"
116.Fc
117.Ft krb5_error_code
118.Fo krb5_decrypt_ticket
119.Fa "krb5_context context"
120.Fa "Ticket *ticket"
121.Fa "krb5_keyblock *key"
122.Fa "EncTicketPart *out"
123.Fa "krb5_flags flags"
124.Fc
125.Ft krb5_error_code
126.Fo krb5_crypto_getblocksize
127.Fa "krb5_context context"
128.Fa "size_t *blocksize"
129.Fc
130.Ft krb5_error_code
131.Fo krb5_crypto_getenctype
132.Fa "krb5_context context"
133.Fa "krb5_crypto crypto"
134.Fa "krb5_enctype *enctype"
135.Fc
136.Ft krb5_error_code
137.Fo krb5_crypto_getpadsize
138.Fa "krb5_context context"
139.Fa size_t *padsize"
140.Fc
141.Ft krb5_error_code
142.Fo krb5_crypto_getconfoundersize
143.Fa "krb5_context context"
144.Fa "krb5_crypto crypto"
145.Fa size_t *confoundersize"
146.Fc
147.Ft krb5_error_code
148.Fo krb5_enctype_keysize
149.Fa "krb5_context context"
150.Fa "krb5_enctype type"
151.Fa "size_t *keysize"
152.Fc
153.Ft krb5_error_code
154.Fo krb5_crypto_overhead
155.Fa "krb5_context context"
156.Fa size_t *padsize"
157.Fc
158.Ft krb5_error_code
159.Fo krb5_string_to_enctype
160.Fa "krb5_context context"
161.Fa "const char *string"
162.Fa "krb5_enctype *etype"
163.Fc
164.Ft krb5_error_code
165.Fo krb5_enctype_to_string
166.Fa "krb5_context context"
167.Fa "krb5_enctype etype"
168.Fa "char **string"
169.Fc
170.Ft krb5_error_code
171.Fo krb5_enctype_valid
172.Fa "krb5_context context"
173.Fa "krb5_enctype etype"
174.Fc
175.Ft void
176.Fo krb5_enctype_disable
177.Fa "krb5_context context"
178.Fa "krb5_enctype etype"
179.Fc
180.Ft size_t
181.Fo krb5_get_wrapped_length
182.Fa "krb5_context context"
183.Fa "krb5_crypto crypto"
184.Fa "size_t data_len"
185.Fc
186.Sh DESCRIPTION
187These functions are used to encrypt and decrypt data.
188.Pp
189.Fn krb5_encrypt_ivec
190puts the encrypted version of
191.Fa data
192(of size
193.Fa len )
194in
195.Fa result .
196If the encryption type supports using derived keys,
197.Fa usage
198should be the appropriate key-usage.
199.Fa ivec
200is a pointer to a initial IV, it is modified to the end IV at the end of
201the round.
202Ivec should be the size of
203If
204.Dv NULL
205is passed in, the default IV is used.
206.Fn krb5_encrypt
207does the same as
208.Fn krb5_encrypt_ivec
209but with
210.Fa ivec
211being
212.Dv NULL .
213.Fn krb5_encrypt_EncryptedData
214does the same as
215.Fn krb5_encrypt ,
216but it puts the encrypted data in a
217.Fa EncryptedData
218structure instead. If
219.Fa kvno
220is not zero, it will be put in the (optional)
221.Fa kvno
222field in the
223.Fa EncryptedData .
224.Pp
225.Fn krb5_decrypt_ivec ,
226.Fn krb5_decrypt ,
227and
228.Fn krb5_decrypt_EncryptedData
229works similarly.
230.Pp
231.Fn krb5_decrypt_ticket
232decrypts the encrypted part of
233.Fa ticket
234with
235.Fa key .
236.Fn krb5_decrypt_ticket
237also verifies the timestamp in the ticket, invalid flag and if the KDC
238haven't verified the transited path, the transit path.
239.Pp
240.Fn krb5_enctype_keysize ,
241.Fn krb5_crypto_getconfoundersize ,
242.Fn krb5_crypto_getblocksize ,
243.Fn krb5_crypto_getenctype ,
244.Fn krb5_crypto_getpadsize ,
245.Fn krb5_crypto_overhead
246all returns various (sometimes) useful information from a crypto context.
247.Fn krb5_crypto_overhead
248is the combination of krb5_crypto_getconfoundersize,
249krb5_crypto_getblocksize and krb5_crypto_getpadsize and return the
250maximum overhead size.
251.Pp
252.Fn krb5_enctype_to_string
253converts a encryption type number to a string that can be printable
254and stored. The strings returned should be freed with
255.Xr free 3 .
256.Pp
257.Fn krb5_string_to_enctype
258converts a encryption type strings to a encryption type number that
259can use used for other Kerberos crypto functions.
260.Pp
261.Fn krb5_enctype_valid
262returns 0 if the encrypt is supported and not disabled, otherwise and
263error code is returned.
264.Pp
265.Fn krb5_enctype_disable
266(globally, for all contextes) disables the
267.Fa enctype .
268.Pp
269.Fn krb5_get_wrapped_length
270returns the size of an encrypted packet by
271.Fa crypto
272of length
273.Fa data_len .
274.\" .Sh EXAMPLE
275.\" .Sh BUGS
276.Sh SEE ALSO
277.Xr krb5_create_checksum 3 ,
278.Xr krb5_crypto_init 3
279