krb5.h source code [linux/include/crypto/krb5.h]

1	/ SPDX-License-Identifier: GPL-2.0-or-later /
2	/ Kerberos 5 crypto*
3	*
4	* Copyright (C) 2025 Red Hat, Inc. All Rights Reserved.
5	* Written by David Howells (dhowells@redhat.com)
6	*/
7
8	#ifndef _CRYPTO_KRB5_H
9	#define _CRYPTO_KRB5_H
10
11	#include <linux/crypto.h>
12	#include <crypto/aead.h>
13	#include <crypto/hash.h>
14
15	struct crypto_shash;
16	struct scatterlist;
17
18	/*
19	* Per Kerberos v5 protocol spec crypto types from the wire. These get mapped
20	* to linux kernel crypto routines.
21	*/
22	#define KRB5_ENCTYPE_NULL 0x0000
23	#define KRB5_ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */
24	#define KRB5_ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */
25	#define KRB5_ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */
26	#define KRB5_ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */
27	/ XXX deprecated? /
28	#define KRB5_ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */
29	#define KRB5_ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */
30	#define KRB5_ENCTYPE_DES_HMAC_SHA1 0x0008
31	#define KRB5_ENCTYPE_DES3_CBC_SHA1 0x0010
32	#define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
33	#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
34	#define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128 0x0013
35	#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192 0x0014
36	#define KRB5_ENCTYPE_ARCFOUR_HMAC 0x0017
37	#define KRB5_ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
38	#define KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC 0x0019
39	#define KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC 0x001a
40	#define KRB5_ENCTYPE_UNKNOWN 0x01ff
41
42	#define KRB5_CKSUMTYPE_CRC32 0x0001
43	#define KRB5_CKSUMTYPE_RSA_MD4 0x0002
44	#define KRB5_CKSUMTYPE_RSA_MD4_DES 0x0003
45	#define KRB5_CKSUMTYPE_DESCBC 0x0004
46	#define KRB5_CKSUMTYPE_RSA_MD5 0x0007
47	#define KRB5_CKSUMTYPE_RSA_MD5_DES 0x0008
48	#define KRB5_CKSUMTYPE_NIST_SHA 0x0009
49	#define KRB5_CKSUMTYPE_HMAC_SHA1_DES3 0x000c
50	#define KRB5_CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f
51	#define KRB5_CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010
52	#define KRB5_CKSUMTYPE_CMAC_CAMELLIA128 0x0011
53	#define KRB5_CKSUMTYPE_CMAC_CAMELLIA256 0x0012
54	#define KRB5_CKSUMTYPE_HMAC_SHA256_128_AES128 0x0013
55	#define KRB5_CKSUMTYPE_HMAC_SHA384_192_AES256 0x0014
56	#define KRB5_CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /* Microsoft md5 hmac cksumtype */
57
58	/*
59	* Constants used for key derivation
60	*/
61	/ from rfc3961 /
62	#define KEY_USAGE_SEED_CHECKSUM (0x99)
63	#define KEY_USAGE_SEED_ENCRYPTION (0xAA)
64	#define KEY_USAGE_SEED_INTEGRITY (0x55)
65
66	/*
67	* Standard Kerberos error codes.
68	*/
69	#define KRB5_PROG_KEYTYPE_NOSUPP -1765328233
70
71	/*
72	* Mode of operation.
73	*/
74	enum krb5_crypto_mode {
75	KRB5_CHECKSUM_MODE, / Checksum only /
76	KRB5_ENCRYPT_MODE, / Fully encrypted, possibly with integrity checksum /
77	};
78
79	struct krb5_buffer {
80	unsigned int len;
81	void *data;
82	};
83
84	/*
85	* Kerberos encoding type definition.
86	*/
87	struct krb5_enctype {
88	int etype; / Encryption (key) type /
89	int ctype; / Checksum type /
90	const char name; /* "Friendly" name /
91	const char encrypt_name; /* Crypto encrypt+checksum name /
92	const char cksum_name; /* Crypto checksum name /
93	const char hash_name; /* Crypto hash name /
94	const char derivation_enc; /* Cipher used in key derivation /
95	u16 block_len; / Length of encryption block /
96	u16 conf_len; / Length of confounder (normally == block_len) /
97	u16 cksum_len; / Length of checksum /
98	u16 key_bytes; / Length of raw key, in bytes /
99	u16 key_len; / Length of final key, in bytes /
100	u16 hash_len; / Length of hash in bytes /
101	u16 prf_len; / Length of PRF() result in bytes /
102	u16 Kc_len; / Length of Kc in bytes /
103	u16 Ke_len; / Length of Ke in bytes /
104	u16 Ki_len; / Length of Ki in bytes /
105	bool keyed_cksum; / T if a keyed cksum /
106
107	const struct krb5_crypto_profile *profile;
108
109	int (random_to_key)(const* struct krb5_enctype *krb5,
110	const struct krb5_buffer *in,
111	struct krb5_buffer out); /* complete key generation /
112	};
113
114	/*
115	* krb5_api.c
116	*/
117	const struct krb5_enctype *crypto_krb5_find_enctype(u32 enctype);
118	size_t crypto_krb5_how_much_buffer(const struct krb5_enctype *krb5,
119	enum krb5_crypto_mode mode,
120	size_t data_size, size_t *_offset);
121	size_t crypto_krb5_how_much_data(const struct krb5_enctype *krb5,
122	enum krb5_crypto_mode mode,
123	size_t _buffer_size, size_t _offset);
124	void crypto_krb5_where_is_the_data(const struct krb5_enctype *krb5,
125	enum krb5_crypto_mode mode,
126	size_t _offset, size_t _len);
127	struct crypto_aead crypto_krb5_prepare_encryption(const* struct krb5_enctype *krb5,
128	const struct krb5_buffer *TK,
129	u32 usage, gfp_t gfp);
130	struct crypto_shash crypto_krb5_prepare_checksum(const* struct krb5_enctype *krb5,
131	const struct krb5_buffer *TK,
132	u32 usage, gfp_t gfp);
133	ssize_t crypto_krb5_encrypt(const struct krb5_enctype *krb5,
134	struct crypto_aead *aead,
135	struct scatterlist sg, unsigned* int nr_sg,
136	size_t sg_len,
137	size_t data_offset, size_t data_len,
138	bool preconfounded);
139	int crypto_krb5_decrypt(const struct krb5_enctype *krb5,
140	struct crypto_aead *aead,
141	struct scatterlist sg, unsigned* int nr_sg,
142	size_t _offset, size_t _len);
143	ssize_t crypto_krb5_get_mic(const struct krb5_enctype *krb5,
144	struct crypto_shash *shash,
145	const struct krb5_buffer *metadata,
146	struct scatterlist sg, unsigned* int nr_sg,
147	size_t sg_len,
148	size_t data_offset, size_t data_len);
149	int crypto_krb5_verify_mic(const struct krb5_enctype *krb5,
150	struct crypto_shash *shash,
151	const struct krb5_buffer *metadata,
152	struct scatterlist sg, unsigned* int nr_sg,
153	size_t _offset, size_t _len);
154
155	/*
156	* krb5_kdf.c
157	*/
158	int crypto_krb5_calc_PRFplus(const struct krb5_enctype *krb5,
159	const struct krb5_buffer *K,
160	unsigned int L,
161	const struct krb5_buffer *S,
162	struct krb5_buffer *result,
163	gfp_t gfp);
164
165	#endif /* _CRYPTO_KRB5_H */
166

source code of linux/include/crypto/krb5.h