1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ 5 * Authors: Doug Rabson <dfr@rabson.org> 6 * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org> 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $FreeBSD$ 30 */ 31 32 #include <sys/_iovec.h> 33 34 #define ETYPE_NULL 0 35 #define ETYPE_DES_CBC_CRC 1 36 #define ETYPE_DES_CBC_MD4 2 37 #define ETYPE_DES_CBC_MD5 3 38 #define ETYPE_DES3_CBC_MD5 5 39 #define ETYPE_OLD_DES3_CBC_SHA1 7 40 #define ETYPE_DES3_CBC_SHA1 16 41 #define ETYPE_AES128_CTS_HMAC_SHA1_96 17 42 #define ETYPE_AES256_CTS_HMAC_SHA1_96 18 43 #define ETYPE_ARCFOUR_HMAC_MD5 23 44 #define ETYPE_ARCFOUR_HMAC_MD5_56 24 45 46 /* 47 * Key usages for des3-cbc-sha1 tokens 48 */ 49 #define KG_USAGE_SEAL 22 50 #define KG_USAGE_SIGN 23 51 #define KG_USAGE_SEQ 24 52 53 /* 54 * Key usages for RFC4121 tokens 55 */ 56 #define KG_USAGE_ACCEPTOR_SEAL 22 57 #define KG_USAGE_ACCEPTOR_SIGN 23 58 #define KG_USAGE_INITIATOR_SEAL 24 59 #define KG_USAGE_INITIATOR_SIGN 25 60 61 struct krb5_key_state; 62 63 typedef void init_func(struct krb5_key_state *ks); 64 typedef void destroy_func(struct krb5_key_state *ks); 65 typedef void set_key_func(struct krb5_key_state *ks, const void *in); 66 typedef void random_to_key_func(struct krb5_key_state *ks, const void *in); 67 typedef void encrypt_func(const struct krb5_key_state *ks, 68 struct mbuf *inout, size_t skip, size_t len, void *ivec, size_t ivlen); 69 typedef void checksum_func(const struct krb5_key_state *ks, int usage, 70 struct mbuf *inout, size_t skip, size_t inlen, size_t outlen); 71 72 struct krb5_encryption_class { 73 const char *ec_name; 74 int ec_type; 75 int ec_flags; 76 #define EC_DERIVED_KEYS 1 77 size_t ec_blocklen; 78 size_t ec_msgblocklen; 79 size_t ec_checksumlen; 80 size_t ec_keybits; /* key length in bits */ 81 size_t ec_keylen; /* size of key in memory */ 82 init_func *ec_init; 83 destroy_func *ec_destroy; 84 set_key_func *ec_set_key; 85 random_to_key_func *ec_random_to_key; 86 encrypt_func *ec_encrypt; 87 encrypt_func *ec_decrypt; 88 checksum_func *ec_checksum; 89 }; 90 91 struct krb5_key_state { 92 const struct krb5_encryption_class *ks_class; 93 volatile u_int ks_refs; 94 void *ks_key; 95 void *ks_priv; 96 }; 97 98 extern struct krb5_encryption_class krb5_aes128_encryption_class; 99 extern struct krb5_encryption_class krb5_aes256_encryption_class; 100 101 static __inline void 102 krb5_set_key(struct krb5_key_state *ks, const void *keydata) 103 { 104 105 ks->ks_class->ec_set_key(ks, keydata); 106 } 107 108 static __inline void 109 krb5_random_to_key(struct krb5_key_state *ks, const void *keydata) 110 { 111 112 ks->ks_class->ec_random_to_key(ks, keydata); 113 } 114 115 static __inline void 116 krb5_encrypt(const struct krb5_key_state *ks, struct mbuf *inout, 117 size_t skip, size_t len, void *ivec, size_t ivlen) 118 { 119 120 ks->ks_class->ec_encrypt(ks, inout, skip, len, ivec, ivlen); 121 } 122 123 static __inline void 124 krb5_decrypt(const struct krb5_key_state *ks, struct mbuf *inout, 125 size_t skip, size_t len, void *ivec, size_t ivlen) 126 { 127 128 ks->ks_class->ec_decrypt(ks, inout, skip, len, ivec, ivlen); 129 } 130 131 static __inline void 132 krb5_checksum(const struct krb5_key_state *ks, int usage, 133 struct mbuf *inout, size_t skip, size_t inlen, size_t outlen) 134 { 135 136 ks->ks_class->ec_checksum(ks, usage, inout, skip, inlen, outlen); 137 } 138 139 extern struct krb5_encryption_class * 140 krb5_find_encryption_class(int etype); 141 extern struct krb5_key_state * 142 krb5_create_key(const struct krb5_encryption_class *ec); 143 extern void krb5_free_key(struct krb5_key_state *ks); 144 extern struct krb5_key_state * 145 krb5_derive_key(struct krb5_key_state *inkey, 146 void *constant, size_t constantlen); 147 extern struct krb5_key_state * 148 krb5_get_encryption_key(struct krb5_key_state *basekey, int usage); 149 extern struct krb5_key_state * 150 krb5_get_integrity_key(struct krb5_key_state *basekey, int usage); 151 extern struct krb5_key_state * 152 krb5_get_checksum_key(struct krb5_key_state *basekey, int usage); 153