1*7c478bd9Sstevel@tonic-gate /* 2*7c478bd9Sstevel@tonic-gate * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 3*7c478bd9Sstevel@tonic-gate * Use is subject to license terms. 4*7c478bd9Sstevel@tonic-gate */ 5*7c478bd9Sstevel@tonic-gate 6*7c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 7*7c478bd9Sstevel@tonic-gate 8*7c478bd9Sstevel@tonic-gate /* 9*7c478bd9Sstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC. 10*7c478bd9Sstevel@tonic-gate * 11*7c478bd9Sstevel@tonic-gate * All rights reserved. 12*7c478bd9Sstevel@tonic-gate * 13*7c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may require 14*7c478bd9Sstevel@tonic-gate * a specific license from the United States Government. It is the 15*7c478bd9Sstevel@tonic-gate * responsibility of any person or organization contemplating export to 16*7c478bd9Sstevel@tonic-gate * obtain such a license before exporting. 17*7c478bd9Sstevel@tonic-gate * 18*7c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 19*7c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and 20*7c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright 21*7c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and 22*7c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that 23*7c478bd9Sstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining 24*7c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior 25*7c478bd9Sstevel@tonic-gate * permission. FundsXpress makes no representations about the suitability of 26*7c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express 27*7c478bd9Sstevel@tonic-gate * or implied warranty. 28*7c478bd9Sstevel@tonic-gate * 29*7c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 30*7c478bd9Sstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 31*7c478bd9Sstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 32*7c478bd9Sstevel@tonic-gate */ 33*7c478bd9Sstevel@tonic-gate 34*7c478bd9Sstevel@tonic-gate #include <k5-int.h> 35*7c478bd9Sstevel@tonic-gate #include <hash_provider.h> 36*7c478bd9Sstevel@tonic-gate #include <keyhash_provider.h> 37*7c478bd9Sstevel@tonic-gate #include <cksumtypes.h> 38*7c478bd9Sstevel@tonic-gate 39*7c478bd9Sstevel@tonic-gate struct krb5_cksumtypes krb5_cksumtypes_list[] = { 40*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_CRC32, KRB5_CKSUMFLAG_NOT_COLL_PROOF, 41*7c478bd9Sstevel@tonic-gate "crc32", "CRC-32", 42*7c478bd9Sstevel@tonic-gate NULL, NULL, &krb5_hash_crc32, 0, 43*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 44*7c478bd9Sstevel@tonic-gate NULL, 45*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 46*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 47*7c478bd9Sstevel@tonic-gate }, 48*7c478bd9Sstevel@tonic-gate 49*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_DESCBC, 0, 50*7c478bd9Sstevel@tonic-gate "des-cbc", "DES cbc mode", 51*7c478bd9Sstevel@tonic-gate ENCTYPE_DES_CBC_CRC, &krb5_keyhash_descbc, 52*7c478bd9Sstevel@tonic-gate NULL, NULL, 53*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 54*7c478bd9Sstevel@tonic-gate NULL, 55*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 56*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 57*7c478bd9Sstevel@tonic-gate }, 58*7c478bd9Sstevel@tonic-gate 59*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_RSA_MD5, 0, 60*7c478bd9Sstevel@tonic-gate "md5", "RSA-MD5", 61*7c478bd9Sstevel@tonic-gate NULL, NULL, &krb5int_hash_md5, 0, 62*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 63*7c478bd9Sstevel@tonic-gate SUN_CKM_MD5, 64*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 65*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 66*7c478bd9Sstevel@tonic-gate }, 67*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_RSA_MD5_DES, 0, 68*7c478bd9Sstevel@tonic-gate "md5-des", "RSA-MD5 with DES cbc mode", 69*7c478bd9Sstevel@tonic-gate ENCTYPE_DES_CBC_CRC, &krb5_keyhash_md5des, 70*7c478bd9Sstevel@tonic-gate NULL, NULL, 71*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 72*7c478bd9Sstevel@tonic-gate SUN_CKM_MD5, 73*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 74*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 75*7c478bd9Sstevel@tonic-gate }, 76*7c478bd9Sstevel@tonic-gate 77*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_NIST_SHA, 0, 78*7c478bd9Sstevel@tonic-gate "sha", "NIST-SHA", 79*7c478bd9Sstevel@tonic-gate NULL, NULL, &krb5_hash_sha1, 0, 80*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 81*7c478bd9Sstevel@tonic-gate SUN_CKM_SHA1, 82*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 83*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 84*7c478bd9Sstevel@tonic-gate }, 85*7c478bd9Sstevel@tonic-gate 86*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_HMAC_SHA1_DES3, KRB5_CKSUMFLAG_DERIVE, 87*7c478bd9Sstevel@tonic-gate "hmac-sha1-des3", "HMAC-SHA1 DES3 key", 88*7c478bd9Sstevel@tonic-gate NULL, NULL, &krb5_hash_sha1, 0, 89*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 90*7c478bd9Sstevel@tonic-gate SUN_CKM_SHA1_HMAC, 91*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 92*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 93*7c478bd9Sstevel@tonic-gate }, 94*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_HMAC_SHA1_DES3, KRB5_CKSUMFLAG_DERIVE, 95*7c478bd9Sstevel@tonic-gate "hmac-sha1-des3-kd", "HMAC-SHA1 DES3 key", /* alias */ 96*7c478bd9Sstevel@tonic-gate NULL, NULL, &krb5_hash_sha1, 0, 97*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 98*7c478bd9Sstevel@tonic-gate SUN_CKM_SHA1_HMAC, 99*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 100*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 101*7c478bd9Sstevel@tonic-gate }, 102*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_HMAC_MD5_ARCFOUR, 0, 103*7c478bd9Sstevel@tonic-gate "hmac-md5-rc4", "Microsoft HMAC MD5 (RC4 key)", 104*7c478bd9Sstevel@tonic-gate ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5, NULL, 0, 105*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 106*7c478bd9Sstevel@tonic-gate SUN_CKM_MD5, 107*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 108*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 109*7c478bd9Sstevel@tonic-gate }, 110*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_HMAC_MD5_ARCFOUR, 0, 111*7c478bd9Sstevel@tonic-gate "hmac-md5-enc", "Microsoft HMAC MD5 (RC4 key)", /*Heimdal alias*/ 112*7c478bd9Sstevel@tonic-gate ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5, NULL, 0, 113*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 114*7c478bd9Sstevel@tonic-gate SUN_CKM_MD5, 115*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 116*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 117*7c478bd9Sstevel@tonic-gate }, 118*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_HMAC_MD5_ARCFOUR, 0, 119*7c478bd9Sstevel@tonic-gate "hmac-md5-earcfour", "Microsoft HMAC MD5 (RC4 key)", /* alias*/ 120*7c478bd9Sstevel@tonic-gate ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5, NULL, 0, 121*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 122*7c478bd9Sstevel@tonic-gate SUN_CKM_MD5, 123*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 124*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 125*7c478bd9Sstevel@tonic-gate }, 126*7c478bd9Sstevel@tonic-gate 127*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_HMAC_SHA1_96_AES128, KRB5_CKSUMFLAG_DERIVE, 128*7c478bd9Sstevel@tonic-gate "hmac-sha1-96-aes128", "HMAC-SHA1 AES128 key", 129*7c478bd9Sstevel@tonic-gate NULL, NULL, &krb5_hash_sha1, 12, 130*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 131*7c478bd9Sstevel@tonic-gate SUN_CKM_SHA1_HMAC, 132*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 133*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 134*7c478bd9Sstevel@tonic-gate }, 135*7c478bd9Sstevel@tonic-gate { CKSUMTYPE_HMAC_SHA1_96_AES256, KRB5_CKSUMFLAG_DERIVE, 136*7c478bd9Sstevel@tonic-gate "hmac-sha1-96-aes256", "HMAC-SHA1 AES256 key", 137*7c478bd9Sstevel@tonic-gate 0, NULL, &krb5_hash_sha1, 12, 138*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 139*7c478bd9Sstevel@tonic-gate SUN_CKM_SHA1_HMAC, 140*7c478bd9Sstevel@tonic-gate CRYPTO_MECH_INVALID 141*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 142*7c478bd9Sstevel@tonic-gate } 143*7c478bd9Sstevel@tonic-gate 144*7c478bd9Sstevel@tonic-gate }; 145*7c478bd9Sstevel@tonic-gate 146*7c478bd9Sstevel@tonic-gate const int krb5_cksumtypes_length = 147*7c478bd9Sstevel@tonic-gate sizeof(krb5_cksumtypes_list)/sizeof(struct krb5_cksumtypes); 148*7c478bd9Sstevel@tonic-gate 149*7c478bd9Sstevel@tonic-gate #ifdef _KERNEL 150*7c478bd9Sstevel@tonic-gate void 151*7c478bd9Sstevel@tonic-gate setup_kef_cksumtypes() 152*7c478bd9Sstevel@tonic-gate { 153*7c478bd9Sstevel@tonic-gate int i; 154*7c478bd9Sstevel@tonic-gate struct krb5_cksumtypes *ck; 155*7c478bd9Sstevel@tonic-gate 156*7c478bd9Sstevel@tonic-gate for (i=0; i<krb5_cksumtypes_length; i++) { 157*7c478bd9Sstevel@tonic-gate ck = (struct krb5_cksumtypes *)&krb5_cksumtypes_list[i]; 158*7c478bd9Sstevel@tonic-gate if (ck != NULL && 159*7c478bd9Sstevel@tonic-gate ck->mt_c_name != NULL && 160*7c478bd9Sstevel@tonic-gate ck->kef_cksum_mt == CRYPTO_MECH_INVALID) { 161*7c478bd9Sstevel@tonic-gate 162*7c478bd9Sstevel@tonic-gate ck->kef_cksum_mt = crypto_mech2id(ck->mt_c_name); 163*7c478bd9Sstevel@tonic-gate KRB5_LOG1(KRB5_INFO, "setup_kef_cksumtypes() - " 164*7c478bd9Sstevel@tonic-gate "%s ==> %ld", 165*7c478bd9Sstevel@tonic-gate ck->mt_c_name, (ulong_t)ck->kef_cksum_mt); 166*7c478bd9Sstevel@tonic-gate } 167*7c478bd9Sstevel@tonic-gate } 168*7c478bd9Sstevel@tonic-gate } 169*7c478bd9Sstevel@tonic-gate #endif /* _KERNEL */ 170