/*
 * $Source$
 * $Author$
 * $Id$
 *
 * Copyright 1989,1990 by the Massachusetts Institute of Technology.
 *
 * For copying and distribution information, please see the file
 * <krb5/mit-copyright.h>.
 *
 * Encryption interface-related declarations
 */

#include <krb5/copyright.h>

#ifndef __KRB5_ENCRYPTION__
#define __KRB5_ENCRYPTION__

/*
 * A key: its type tag plus a pointer to the key octets.
 *
 * NOTE(review): this structure carries raw key material by pointer; it does
 * not say who owns `contents` or whether it is zeroed before release --
 * confirm in the code that allocates and frees keyblocks.
 */
typedef struct _krb5_keyblock {
    krb5_keytype keytype;		/* presumably one of the KEYTYPE_*
					   values -- confirm */
    int length;				/* presumably the octet count of
					   `contents`; the type is signed, so
					   consumers that copy or allocate
					   from it should reject negative
					   values first */
    krb5_octet *contents;		/* key octets */
} krb5_keyblock;

/*
 * A checksum value: its type tag plus a pointer to the checksum octets.
 */
typedef struct _krb5_checksum {
    krb5_cksumtype checksum_type;	/* checksum type */
    int length;				/* presumably the octet count of
					   `contents`; signed, so validate
					   before using it as a size */
    krb5_octet *contents;		/* checksum octets */
} krb5_checksum;

/*
 * Per-use encryption state: the cryptosystem method table, the key, and an
 * opaque slot for the cryptosystem's own data.
 */
typedef struct _krb5_encrypt_block {
    struct _krb5_cryptosystem_entry *crypto_entry;	/* method table */
    krb5_keyblock *key;
    krb5_pointer priv;			/* for private use, e.g. DES
					   key schedules */
    /* NOTE(review): a key schedule is key-derived material; presumably the
       cryptosystem's finish_key() releases it -- confirm it is cleared. */
} krb5_encrypt_block;

/* could be used in a table to find an etype and initialize a block */
/*
 * Method table and size parameters for one cryptosystem.  Every function
 * member returns a krb5_error_code.
 */
typedef struct _krb5_cryptosystem_entry {
    /* encrypt_func / decrypt_func take an input pointer, an output pointer,
       a single size_t and the encrypt block.  No separate output capacity is
       passed, so the caller is responsible for sizing the output buffer
       (presumably with krb5_encrypt_size() -- confirm against callers). */
    krb5_error_code (*encrypt_func) PROTOTYPE((krb5_pointer /* in */,
					       krb5_pointer /* out */,
					       size_t,
					       krb5_encrypt_block *));
    krb5_error_code (*decrypt_func) PROTOTYPE((krb5_pointer /* in */,
					       krb5_pointer /* out */,
					       size_t,
					       krb5_encrypt_block *));
    /* process_key takes an encrypt block and a keyblock; finish_key takes
       the encrypt block alone.  Presumably setup and teardown of the
       block's `priv` state -- confirm. */
    krb5_error_code (*process_key) PROTOTYPE((krb5_encrypt_block *,
					      krb5_keyblock *));
    krb5_error_code (*finish_key) PROTOTYPE((krb5_encrypt_block *));
    /* string_to_key takes a key type, a keyblock, a krb5_data and a
       principal; which of these are inputs and which are outputs is not
       stated in this header. */
    krb5_error_code (*string_to_key) PROTOTYPE((krb5_keytype, krb5_keyblock *,
						krb5_data *,
						krb5_principal));
    /* Random-key generation: init_random_key and finish_random_key take a
       krb5_pointer *, random_key takes a krb5_pointer and a
       krb5_keyblock **.  Presumably the pointer is generator state that is
       created, used and then released -- confirm. */
    krb5_error_code  (*init_random_key) PROTOTYPE((krb5_keyblock *,
						   krb5_pointer *));
    krb5_error_code  (*finish_random_key) PROTOTYPE((krb5_pointer *));
    krb5_error_code (*random_key) PROTOTYPE((krb5_pointer,
					     krb5_keyblock **));
    int block_length;			/* rounding unit used by
					   krb5_encrypt_size(); must be
					   nonzero there (it is a divisor) */
    int pad_minimum;			/* needed for cksum size computation */
    int keysize;
    krb5_enctype proto_enctype;		/* encryption type,
					   (assigned protocol number) */
} krb5_cryptosystem_entry;

/*
 * One slot of the cryptosystem table (krb5_csarray holds pointers to these):
 * the method table plus the state returned by its init_random_key().
 */
typedef struct _krb5_cs_table_entry {
    krb5_cryptosystem_entry *system;
    krb5_pointer random_sequence;	/* from init_random_key() */
} krb5_cs_table_entry;

/* could be used in a table to find a sumtype */
/*
 * Method table for one checksum type.  sum_func receives the input and seed
 * with their lengths and a krb5_checksum to fill in; it is not given the
 * capacity of the output area, so the caller must provide at least
 * checksum_length octets (presumably -- confirm against callers).
 */
typedef struct _krb5_checksum_entry {
    krb5_error_code  (*sum_func) PROTOTYPE ((krb5_pointer /* in */,
					     krb5_pointer /* out */,
					     krb5_pointer /* seed */,
					     size_t /* in_length */,
					     size_t /* seed_length */,
					     krb5_checksum * /* out_cksum */));
    int checksum_length;		/* length of stuff returned by
					   sum_func */
} krb5_checksum_entry;

/* per Kerberos v5 protocol spec */
/*
 * NOTE(review): the algorithms named here reflect the 1989-1990 state of the
 * protocol.  DES's 56-bit key no longer resists brute force, and CRC-32 is an
 * unkeyed, linear checksum rather than a cryptographic integrity check, so
 * ETYPE_DES_CBC_CRC and CKSUMTYPE_CRC32 should be read as historical.
 * DES-based Kerberos encryption types were later deprecated (RFC 6649).
 */
#define	KEYTYPE_NULL		0x0000
#define KEYTYPE_DES		0x0001	/* Data Encryption Standard,
					   FIPS 46,81 */
#define KEYTYPE_LUCIFER		0x0002	/* Lucifer */

/* Encryption types.  Value 0 is rejected by valid_etype(), which requires
   etype > 0. */
#define	ETYPE_NULL		0x0000
#define	ETYPE_DES_CBC_CRC	0x0001	/* DES cbc mode with CRC-32 */
#define	ETYPE_LUCIFER_CRC	0x0002

/* Checksum types.  CKSUMTYPE_XXX looks like a placeholder -- confirm. */
#define	CKSUMTYPE_CRC32		0x0001
#define	CKSUMTYPE_XXX		0x0002
#define	CKSUMTYPE_XEROX		0x0003
#define	CKSUMTYPE_DESCBC	0x0004

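/*
 * macros to determine if a type is a local type
 *
 * A type is local when bit 0x8000 is set.  Each macro yields a nonzero value
 * (0x8000, not 1) for a local type and 0 otherwise.  The argument is
 * parenthesized so that an expression argument such as `a | b` is tested as
 * a whole; `&` binds tighter than `|`, so without the parentheses only `b`
 * would be masked.
 */
#define KEYTYPE_IS_LOCAL(keytype) ((keytype) & 0x8000)
#define ETYPE_IS_LOCAL(etype) ((etype) & 0x8000)
#define CKSUMTYPE_IS_LOCAL(cksumtype) ((cksumtype) & 0x8000)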

#ifndef krb5_roundup
/* round x up to nearest multiple of y */
/*
 * y is evaluated three times and x once, so pass expressions without side
 * effects.  y must be nonzero (it is a divisor).
 * NOTE(review): (x) + (y) - 1 is computed in the operands' own type; with
 * signed operands a value of x close to the type's maximum overflows, which
 * is undefined behaviour.  Bound any length taken from message data before
 * it reaches this macro.
 */
#define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y))
#endif /* roundup */

/* macro function definitions to help clean up code */
/*
 * krb5_encrypt_size(length, crypto): length plus the cryptosystem's
 * pad_minimum, rounded up to a multiple of its block_length.  `crypto` must
 * point to a structure with pad_minimum and block_length members
 * (krb5_cryptosystem_entry has both) and is evaluated more than once.
 * The overflow and nonzero-divisor caveats of krb5_roundup apply here too.
 */
#define	krb5_encrypt_size(length, crypto) \
     krb5_roundup((length)+(crypto)->pad_minimum, (crypto)->block_length)

/*
 * Lookup tables indexed by encryption type and by checksum type.
 * valid_etype() and valid_cksumtype() accept an index equal to the
 * corresponding max value, so each array must hold at least max + 1 slots;
 * an unused slot is a null pointer (the macros test for that).
 */
extern krb5_cs_table_entry *krb5_csarray[];
extern int krb5_max_cryptosystem;		/* max entry in array */

extern krb5_checksum_entry *krb5_cksumarray[];
extern int krb5_max_cksum;		/* max entry in array */

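/*
 * valid_etype(etype) / valid_cksumtype(cktype): nonzero when the type is in
 * the range 1..max and its table slot is non-null.  These are the bounds
 * checks that guard indexing of krb5_csarray[] and krb5_cksumarray[], so a
 * type number taken from a message should pass through them before any
 * table lookup.
 *
 * The argument is parenthesized at every use so that an expression argument
 * is compared and used as an index as a whole.  It is still evaluated up to
 * three times; pass an expression without side effects.
 *
 * NOTE(review): the upper bound is an int.  If the argument has an unsigned
 * type at least as wide as int, the comparison is performed unsigned and a
 * negative bound would compare as a very large value -- confirm the type
 * typedefs are narrower than int or that the bounds are never negative.
 */
#define valid_etype(etype)     (((etype) <= krb5_max_cryptosystem) && ((etype) > 0) && krb5_csarray[(etype)])

#define valid_cksumtype(cktype)     (((cktype) <= krb5_max_cksum) && ((cktype) > 0) && krb5_cksumarray[(cktype)])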


#endif /* __KRB5_ENCRYPTION__ */