xref: /linux/crypto/krb5/internal.h (revision 742e38d4d4033e7ff53178acf7edd2b1fe0142ef) 
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /* Kerberos5 crypto internals
3  *
4  * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7 
8 #include <linux/scatterlist.h>
9 #include <crypto/krb5.h>
10 #include <crypto/hash.h>
11 #include <crypto/skcipher.h>
12 
13 /*
14  * Profile used for key derivation and encryption.
15  */
16 struct krb5_crypto_profile {
17 	 /* Pseudo-random function */
18 	int (*calc_PRF)(const struct krb5_enctype *krb5,
19 			const struct krb5_buffer *protocol_key,
20 			const struct krb5_buffer *octet_string,
21 			struct krb5_buffer *result,
22 			gfp_t gfp);
23 
24 	/* Checksum key derivation */
25 	int (*calc_Kc)(const struct krb5_enctype *krb5,
26 		       const struct krb5_buffer *TK,
27 		       const struct krb5_buffer *usage_constant,
28 		       struct krb5_buffer *Kc,
29 		       gfp_t gfp);
30 
31 	/* Encryption key derivation */
32 	int (*calc_Ke)(const struct krb5_enctype *krb5,
33 		       const struct krb5_buffer *TK,
34 		       const struct krb5_buffer *usage_constant,
35 		       struct krb5_buffer *Ke,
36 		       gfp_t gfp);
37 
38 	 /* Integrity key derivation */
39 	int (*calc_Ki)(const struct krb5_enctype *krb5,
40 		       const struct krb5_buffer *TK,
41 		       const struct krb5_buffer *usage_constant,
42 		       struct krb5_buffer *Ki,
43 		       gfp_t gfp);
44 
45 	/* Derive the keys needed for an encryption AEAD object. */
46 	int (*derive_encrypt_keys)(const struct krb5_enctype *krb5,
47 				   const struct krb5_buffer *TK,
48 				   unsigned int usage,
49 				   struct krb5_buffer *setkey,
50 				   gfp_t gfp);
51 
52 	/* Directly load the keys needed for an encryption AEAD object. */
53 	int (*load_encrypt_keys)(const struct krb5_enctype *krb5,
54 				 const struct krb5_buffer *Ke,
55 				 const struct krb5_buffer *Ki,
56 				 struct krb5_buffer *setkey,
57 				 gfp_t gfp);
58 
59 	/* Derive the key needed for a checksum hash object. */
60 	int (*derive_checksum_key)(const struct krb5_enctype *krb5,
61 				   const struct krb5_buffer *TK,
62 				   unsigned int usage,
63 				   struct krb5_buffer *setkey,
64 				   gfp_t gfp);
65 
66 	/* Directly load the keys needed for a checksum hash object. */
67 	int (*load_checksum_key)(const struct krb5_enctype *krb5,
68 				 const struct krb5_buffer *Kc,
69 				 struct krb5_buffer *setkey,
70 				 gfp_t gfp);
71 
72 	/* Encrypt data in-place, inserting confounder and checksum. */
73 	ssize_t (*encrypt)(const struct krb5_enctype *krb5,
74 			   struct crypto_aead *aead,
75 			   struct scatterlist *sg, unsigned int nr_sg,
76 			   size_t sg_len,
77 			   size_t data_offset, size_t data_len,
78 			   bool preconfounded);
79 
80 	/* Decrypt data in-place, removing confounder and checksum */
81 	int (*decrypt)(const struct krb5_enctype *krb5,
82 		       struct crypto_aead *aead,
83 		       struct scatterlist *sg, unsigned int nr_sg,
84 		       size_t *_offset, size_t *_len);
85 
86 	/* Generate a MIC on part of a packet, inserting the checksum */
87 	ssize_t (*get_mic)(const struct krb5_enctype *krb5,
88 			   struct crypto_shash *shash,
89 			   const struct krb5_buffer *metadata,
90 			   struct scatterlist *sg, unsigned int nr_sg,
91 			   size_t sg_len,
92 			   size_t data_offset, size_t data_len);
93 
94 	/* Verify the MIC on a piece of data, removing the checksum */
95 	int (*verify_mic)(const struct krb5_enctype *krb5,
96 			  struct crypto_shash *shash,
97 			  const struct krb5_buffer *metadata,
98 			  struct scatterlist *sg, unsigned int nr_sg,
99 			  size_t *_offset, size_t *_len);
100 };
101 
102 /*
103  * Crypto size/alignment rounding convenience macros.
104  */
105 #define crypto_roundup(X) ((unsigned int)round_up((X), CRYPTO_MINALIGN))
106 
107 #define krb5_aead_size(TFM) \
108 	crypto_roundup(sizeof(struct aead_request) + crypto_aead_reqsize(TFM))
109 #define krb5_aead_ivsize(TFM) \
110 	crypto_roundup(crypto_aead_ivsize(TFM))
111 #define krb5_shash_size(TFM) \
112 	crypto_roundup(sizeof(struct shash_desc) + crypto_shash_descsize(TFM))
113 #define krb5_digest_size(TFM) \
114 	crypto_roundup(crypto_shash_digestsize(TFM))
115 #define round16(x) (((x) + 15) & ~15)
116 
117 /*
118  * krb5_api.c
119  */
120 struct crypto_aead *krb5_prepare_encryption(const struct krb5_enctype *krb5,
121 					    const struct krb5_buffer *keys,
122 					    gfp_t gfp);
123 struct crypto_shash *krb5_prepare_checksum(const struct krb5_enctype *krb5,
124 					   const struct krb5_buffer *Kc,
125 					   gfp_t gfp);
126 
127 /*
128  * krb5_kdf.c
129  */
130 int krb5_derive_Kc(const struct krb5_enctype *krb5, const struct krb5_buffer *TK,
131 		   u32 usage, struct krb5_buffer *key, gfp_t gfp);
132 int krb5_derive_Ke(const struct krb5_enctype *krb5, const struct krb5_buffer *TK,
133 		   u32 usage, struct krb5_buffer *key, gfp_t gfp);
134 int krb5_derive_Ki(const struct krb5_enctype *krb5, const struct krb5_buffer *TK,
135 		   u32 usage, struct krb5_buffer *key, gfp_t gfp);
136 
137 /*
138  * rfc3961_simplified.c
139  */
140 extern const struct krb5_crypto_profile rfc3961_simplified_profile;
141 
142 int crypto_shash_update_sg(struct shash_desc *desc, struct scatterlist *sg,
143 			   size_t offset, size_t len);
144 int authenc_derive_encrypt_keys(const struct krb5_enctype *krb5,
145 				const struct krb5_buffer *TK,
146 				unsigned int usage,
147 				struct krb5_buffer *setkey,
148 				gfp_t gfp);
149 int authenc_load_encrypt_keys(const struct krb5_enctype *krb5,
150 			      const struct krb5_buffer *Ke,
151 			      const struct krb5_buffer *Ki,
152 			      struct krb5_buffer *setkey,
153 			      gfp_t gfp);
154 int rfc3961_derive_checksum_key(const struct krb5_enctype *krb5,
155 				const struct krb5_buffer *TK,
156 				unsigned int usage,
157 				struct krb5_buffer *setkey,
158 				gfp_t gfp);
159 int rfc3961_load_checksum_key(const struct krb5_enctype *krb5,
160 			      const struct krb5_buffer *Kc,
161 			      struct krb5_buffer *setkey,
162 			      gfp_t gfp);
163 ssize_t krb5_aead_encrypt(const struct krb5_enctype *krb5,
164 			  struct crypto_aead *aead,
165 			  struct scatterlist *sg, unsigned int nr_sg, size_t sg_len,
166 			  size_t data_offset, size_t data_len,
167 			  bool preconfounded);
168 int krb5_aead_decrypt(const struct krb5_enctype *krb5,
169 		      struct crypto_aead *aead,
170 		      struct scatterlist *sg, unsigned int nr_sg,
171 		      size_t *_offset, size_t *_len);
172 ssize_t rfc3961_get_mic(const struct krb5_enctype *krb5,
173 			struct crypto_shash *shash,
174 			const struct krb5_buffer *metadata,
175 			struct scatterlist *sg, unsigned int nr_sg, size_t sg_len,
176 			size_t data_offset, size_t data_len);
177 int rfc3961_verify_mic(const struct krb5_enctype *krb5,
178 		       struct crypto_shash *shash,
179 		       const struct krb5_buffer *metadata,
180 		       struct scatterlist *sg, unsigned int nr_sg,
181 		       size_t *_offset, size_t *_len);
182 
183 /*
184  * rfc3962_aes.c
185  */
186 extern const struct krb5_enctype krb5_aes128_cts_hmac_sha1_96;
187 extern const struct krb5_enctype krb5_aes256_cts_hmac_sha1_96;
188 
189 /*
190  * rfc6803_camellia.c
191  */
192 extern const struct krb5_enctype krb5_camellia128_cts_cmac;
193 extern const struct krb5_enctype krb5_camellia256_cts_cmac;
194 
195 /*
196  * rfc8009_aes2.c
197  */
198 extern const struct krb5_enctype krb5_aes128_cts_hmac_sha256_128;
199 extern const struct krb5_enctype krb5_aes256_cts_hmac_sha384_192;
200