author | Sam Hartman <hartmans@mit.edu> | 2008-12-02 20:10:20 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2008-12-02 20:10:20 +0000 |
commit | b5d22c309b734f6d3908fafa0e681ef7844ad9b3 (patch) | |
tree | cb6c8bae9acfc8e05bdcc5b156d4d9896c5e251d /src/include | |
parent | b282e93924be15445fb48ab186da737d62a003f6 (diff) | |
Crypto IOV API per Projects/AEAD encryption API
Merge in the mskrb-crypto-iov branch at r21259 in order to move an
implementation of
http://k5wiki.kerberos.org/wiki/Projects/AEAD_encryption_API onto the
trunk. This branch contains a subset of the commits on the
mskrb-integ branch that implement the krb5 library part of the crypto
IOV API.
ticket: new
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21263 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/k5-int.h | 68 | ||||
-rw-r--r-- | src/include/krb5/krb5.hin | 57 |
2 files changed, 122 insertions, 3 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index fe831b2504..1b4a60b490 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -562,7 +562,19 @@ struct krb5_enc_provider { krb5_error_code (*init_state) (const krb5_keyblock *key, krb5_keyusage keyusage, krb5_data *out_state); krb5_error_code (*free_state) (krb5_data *state); - + + /* In-place encryption/decryption of multiple buffers */ + krb5_error_code (*encrypt_iov) (const krb5_keyblock *key, + const krb5_data *cipher_state, + krb5_crypto_iov *data, + size_t num_data); + + + krb5_error_code (*decrypt_iov) (const krb5_keyblock *key, + const krb5_data *cipher_state, + krb5_crypto_iov *data, + size_t num_data); + }; struct krb5_hash_provider { 
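Review bot: The two function pointers appended to `struct krb5_enc_provider` are not documented as optional, and the only comment sits above `encrypt_iov`, so a caller cannot tell whether either may be NULL. This diff is limited to src/include, so it is not visible whether every existing provider table is updated; any table that is initialised positionally and left unchanged gets NULL for the new trailing members, and an unchecked indirect call through one would crash. The same applies to `hash_iov`/`verify_iov` in the `@@ -588` hunk and to the `aead` member of `struct krb5_keytypes` in the `@@ -615` hunk. I would extend the comment to cover both members, e.g. `/* In-place encryption/decryption of multiple buffers; either pointer may be NULL when the provider has no IOV support, so callers must check before calling. */`.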
@@ -588,6 +600,45 @@ struct krb5_keyhash_provider { const krb5_data *input, const krb5_data *hash, krb5_boolean *valid); + + krb5_error_code (*hash_iov) (const krb5_keyblock *key, + krb5_keyusage keyusage, + const krb5_data *ivec, + const krb5_crypto_iov *data, + size_t num_data, + krb5_data *output); + + krb5_error_code (*verify_iov) (const krb5_keyblock *key, + krb5_keyusage keyusage, + const krb5_data *ivec, + const krb5_data *input, + const krb5_crypto_iov *data, + size_t num_data, + krb5_boolean *valid); +}; + +struct krb5_aead_provider { + krb5_error_code (*crypto_length) (const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + krb5_cryptotype type, + size_t *length); + krb5_error_code (*encrypt_iov) (const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage keyusage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data); + krb5_error_code (*decrypt_iov) (const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage keyusage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data); }; typedef void (*krb5_encrypt_length_func) (const struct krb5_enc_provider *enc, @@ -615,13 +666,14 @@ struct krb5_keytypes { char *out_string; const struct krb5_enc_provider *enc; const struct krb5_hash_provider *hash; - size_t prf_length; + size_t prf_length; krb5_encrypt_length_func encrypt_len; krb5_crypt_func encrypt; krb5_crypt_func decrypt; krb5_str2key_func str2key; - krb5_prf_func prf; + krb5_prf_func prf; krb5_cksumtype required_ctype; + const struct krb5_aead_provider *aead; }; struct krb5_cksumtypes { 
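Review bot: `struct krb5_aead_provider` is added in the `@@ -588` hunk without any comment, although its `decrypt_iov` takes a non-const `krb5_crypto_iov *data` and so presumably decrypts in place. For an authenticated mode the contract should state what the buffers hold when integrity verification fails, so that callers never consume unauthenticated plaintext. I would add a header comment on the struct saying which buffer types each callback reads and writes, plus a line such as `/* On failure the contents of data[] are undefined and must not be used. */` above `decrypt_iov`. If the existing convention holds for `verify_iov` as well, a note that `*valid` is meaningful only when the return value is 0 belongs next to it.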
@@ -665,6 +717,12 @@ krb5_error_code krb5_hmac const krb5_keyblock *key, unsigned int icount, const krb5_data *input, krb5_data *output); +krb5_error_code krb5_hmac_iov +(const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output); + krb5_error_code krb5int_pbkdf2_hmac_sha1 (const krb5_data *, unsigned long, const krb5_data *, const krb5_data *); @@ -1848,6 +1906,10 @@ typedef struct _krb5int_access { const krb5_keyblock *key, unsigned int icount, const krb5_data *input, krb5_data *output); + krb5_error_code (* krb5_hmac_iov) (const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output); /* service location and communication */ krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg, const struct addrlist *, struct sendto_callback_info*, krb5_data *reply, diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 62fd90df4e..accde60fca 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -195,6 +195,7 @@ typedef krb5_int32 krb5_enctype; typedef krb5_int32 krb5_cksumtype; typedef krb5_int32 krb5_authdatatype; typedef krb5_int32 krb5_keyusage; +typedef krb5_int32 krb5_cryptotype; typedef krb5_int32 krb5_preauthtype; /* This may change, later on */ typedef krb5_int32 krb5_flags; @@ -358,6 +359,11 @@ typedef struct _krb5_enc_data { krb5_data ciphertext; } krb5_enc_data; +typedef struct _krb5_crypto_iov { + krb5_cryptotype flags; + krb5_data data; +} krb5_crypto_iov; + /* per Kerberos v5 protocol spec */ #define ENCTYPE_NULL 0x0000 #define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ 
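Review bot: In the krb5.hin hunk at `@@ -358`, the `flags` member of the new public `krb5_crypto_iov` is declared as `krb5_cryptotype`, which suggests it carries a single buffer-type value rather than a bit mask, while the name invites callers to OR values together. The struct is part of the installed header and has no comment at all. I would document both members, e.g. `krb5_cryptotype flags; /* buffer type: one KRB5_CRYPTO_TYPE_* value, not a bit mask */` and a matching comment on `data` stating who owns the buffer. Ownership is not visible in this diff and should be confirmed before that second comment is written.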
@@ -606,6 +612,57 @@ krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum (krb5_cksumtype ctype); +/* AEAD APIs */ +#define KRB5_CRYPTO_TYPE_EMPTY 0 /* [in] ignored */ +#define KRB5_CRYPTO_TYPE_HEADER 1 /* [out] header */ +#define KRB5_CRYPTO_TYPE_DATA 2 /* [in, out] plaintext */ +#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3 /* [in] associated data */ +#define KRB5_CRYPTO_TYPE_PADDING 4 /* [out] padding */ +#define KRB5_CRYPTO_TYPE_TRAILER 5 /* [out] checksum for encrypt */ +#define KRB5_CRYPTO_TYPE_CHECKSUM 6 /* [out] checksum for MIC */ +#define KRB5_CRYPTO_TYPE_STREAM 7 /* [in] entire message */ + +krb5_error_code KRB5_CALLCONV + krb5_c_make_checksum_iov + (krb5_context context, krb5_cksumtype cksumtype, + const krb5_keyblock *key, krb5_keyusage usage, + krb5_crypto_iov *data, size_t num_data); + +krb5_error_code KRB5_CALLCONV + krb5_c_verify_checksum_iov + (krb5_context context, + krb5_cksumtype cksumtype, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_crypto_iov *data, size_t num_data, + krb5_boolean *valid); + +krb5_error_code KRB5_CALLCONV + krb5_c_encrypt_iov + (krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *cipher_state, + krb5_crypto_iov *data, size_t num_data); + +krb5_error_code KRB5_CALLCONV + krb5_c_decrypt_iov + (krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *cipher_state, + krb5_crypto_iov *data, size_t num_data); + +krb5_error_code KRB5_CALLCONV + krb5_c_crypto_length + (krb5_context context, krb5_enctype enctype, + krb5_cryptotype type, unsigned int *size); + +krb5_error_code KRB5_CALLCONV + krb5_c_crypto_length_iov + (krb5_context context, krb5_enctype enctype, + krb5_crypto_iov *data, size_t num_data); + +krb5_error_code KRB5_CALLCONV + krb5_c_padding_length + (krb5_context context, krb5_enctype enctype, + size_t data_length, unsigned int *size); + #ifdef KRB5_OLD_CRYPTO /* * old cryptosystem routine 
prototypes. These are now layered |
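Review bot: `krb5_c_crypto_length` and `krb5_c_padding_length` return their result through `unsigned int *size`, while the internal `crypto_length` callback added to `struct krb5_aead_provider` in k5-int.h uses `size_t *length`, and `krb5_c_padding_length` itself takes a `size_t data_length`. Where those widths differ, the implementation has to go through a `size_t` temporary and narrow it with a range check; handing the caller's pointer down with a cast would write past the `unsigned int`. Using one type on both sides avoids the problem, e.g. `krb5_cryptotype type, size_t *size);`, if the public signature can still change. The `[in]`/`[out]` remarks on the `KRB5_CRYPTO_TYPE_*` constants are also the only description of the buffer layout, so a short block comment stating which types a caller must supply for encrypt and for decrypt would help callers size buffers correctly.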