tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / include / crypto / krb5.h
at master 165 lines 5.9 kB view raw
1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* Kerberos 5 crypto 3 * 4 * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8#ifndef _CRYPTO_KRB5_H 9#define _CRYPTO_KRB5_H 10 11#include <linux/crypto.h> 12#include <crypto/aead.h> 13#include <crypto/hash.h> 14 15struct crypto_shash; 16struct scatterlist; 17 18/* 19 * Per Kerberos v5 protocol spec crypto types from the wire. These get mapped 20 * to linux kernel crypto routines. 21 */ 22#define KRB5_ENCTYPE_NULL 0x0000 23#define KRB5_ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ 24#define KRB5_ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */ 25#define KRB5_ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */ 26#define KRB5_ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */ 27/* XXX deprecated? */ 28#define KRB5_ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */ 29#define KRB5_ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */ 30#define KRB5_ENCTYPE_DES_HMAC_SHA1 0x0008 31#define KRB5_ENCTYPE_DES3_CBC_SHA1 0x0010 32#define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 33#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 34#define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128 0x0013 35#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192 0x0014 36#define KRB5_ENCTYPE_ARCFOUR_HMAC 0x0017 37#define KRB5_ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 38#define KRB5_ENCTYPE_CAMELLIA128_CTS_CMAC 0x0019 39#define KRB5_ENCTYPE_CAMELLIA256_CTS_CMAC 0x001a 40#define KRB5_ENCTYPE_UNKNOWN 0x01ff 41 42#define KRB5_CKSUMTYPE_CRC32 0x0001 43#define KRB5_CKSUMTYPE_RSA_MD4 0x0002 44#define KRB5_CKSUMTYPE_RSA_MD4_DES 0x0003 45#define KRB5_CKSUMTYPE_DESCBC 0x0004 46#define KRB5_CKSUMTYPE_RSA_MD5 0x0007 47#define KRB5_CKSUMTYPE_RSA_MD5_DES 0x0008 48#define KRB5_CKSUMTYPE_NIST_SHA 0x0009 49#define KRB5_CKSUMTYPE_HMAC_SHA1_DES3 0x000c 50#define KRB5_CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f 51#define KRB5_CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 52#define KRB5_CKSUMTYPE_CMAC_CAMELLIA128 0x0011 53#define KRB5_CKSUMTYPE_CMAC_CAMELLIA256 0x0012 54#define KRB5_CKSUMTYPE_HMAC_SHA256_128_AES128 0x0013 55#define KRB5_CKSUMTYPE_HMAC_SHA384_192_AES256 0x0014 56#define KRB5_CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /* Microsoft md5 hmac cksumtype */ 57 58/* 59 * Constants used for key derivation 60 */ 61/* from rfc3961 */ 62#define KEY_USAGE_SEED_CHECKSUM (0x99) 63#define KEY_USAGE_SEED_ENCRYPTION (0xAA) 64#define KEY_USAGE_SEED_INTEGRITY (0x55) 65 66/* 67 * Standard Kerberos error codes. 68 */ 69#define KRB5_PROG_KEYTYPE_NOSUPP -1765328233 70 71/* 72 * Mode of operation. 73 */ 74enum krb5_crypto_mode { 75 KRB5_CHECKSUM_MODE, /* Checksum only */ 76 KRB5_ENCRYPT_MODE, /* Fully encrypted, possibly with integrity checksum */ 77}; 78 79struct krb5_buffer { 80 unsigned int len; 81 void *data; 82}; 83 84/* 85 * Kerberos encoding type definition. 86 */ 87struct krb5_enctype { 88 int etype; /* Encryption (key) type */ 89 int ctype; /* Checksum type */ 90 const char *name; /* "Friendly" name */ 91 const char *encrypt_name; /* Crypto encrypt+checksum name */ 92 const char *cksum_name; /* Crypto checksum name */ 93 const char *hash_name; /* Crypto hash name */ 94 const char *derivation_enc; /* Cipher used in key derivation */ 95 u16 block_len; /* Length of encryption block */ 96 u16 conf_len; /* Length of confounder (normally == block_len) */ 97 u16 cksum_len; /* Length of checksum */ 98 u16 key_bytes; /* Length of raw key, in bytes */ 99 u16 key_len; /* Length of final key, in bytes */ 100 u16 hash_len; /* Length of hash in bytes */ 101 u16 prf_len; /* Length of PRF() result in bytes */ 102 u16 Kc_len; /* Length of Kc in bytes */ 103 u16 Ke_len; /* Length of Ke in bytes */ 104 u16 Ki_len; /* Length of Ki in bytes */ 105 bool keyed_cksum; /* T if a keyed cksum */ 106 107 const struct krb5_crypto_profile *profile; 108 109 int (*random_to_key)(const struct krb5_enctype *krb5, 110 const struct krb5_buffer *in, 111 struct krb5_buffer *out); /* complete key generation */ 112}; 113 114/* 115 * krb5_api.c 116 */ 117const struct krb5_enctype *crypto_krb5_find_enctype(u32 enctype); 118size_t crypto_krb5_how_much_buffer(const struct krb5_enctype *krb5, 119 enum krb5_crypto_mode mode, 120 size_t data_size, size_t *_offset); 121size_t crypto_krb5_how_much_data(const struct krb5_enctype *krb5, 122 enum krb5_crypto_mode mode, 123 size_t *_buffer_size, size_t *_offset); 124void crypto_krb5_where_is_the_data(const struct krb5_enctype *krb5, 125 enum krb5_crypto_mode mode, 126 size_t *_offset, size_t *_len); 127struct crypto_aead *crypto_krb5_prepare_encryption(const struct krb5_enctype *krb5, 128 const struct krb5_buffer *TK, 129 u32 usage, gfp_t gfp); 130struct crypto_shash *crypto_krb5_prepare_checksum(const struct krb5_enctype *krb5, 131 const struct krb5_buffer *TK, 132 u32 usage, gfp_t gfp); 133ssize_t crypto_krb5_encrypt(const struct krb5_enctype *krb5, 134 struct crypto_aead *aead, 135 struct scatterlist *sg, unsigned int nr_sg, 136 size_t sg_len, 137 size_t data_offset, size_t data_len, 138 bool preconfounded); 139int crypto_krb5_decrypt(const struct krb5_enctype *krb5, 140 struct crypto_aead *aead, 141 struct scatterlist *sg, unsigned int nr_sg, 142 size_t *_offset, size_t *_len); 143ssize_t crypto_krb5_get_mic(const struct krb5_enctype *krb5, 144 struct crypto_shash *shash, 145 const struct krb5_buffer *metadata, 146 struct scatterlist *sg, unsigned int nr_sg, 147 size_t sg_len, 148 size_t data_offset, size_t data_len); 149int crypto_krb5_verify_mic(const struct krb5_enctype *krb5, 150 struct crypto_shash *shash, 151 const struct krb5_buffer *metadata, 152 struct scatterlist *sg, unsigned int nr_sg, 153 size_t *_offset, size_t *_len); 154 155/* 156 * krb5_kdf.c 157 */ 158int crypto_krb5_calc_PRFplus(const struct krb5_enctype *krb5, 159 const struct krb5_buffer *K, 160 unsigned int L, 161 const struct krb5_buffer *S, 162 struct krb5_buffer *result, 163 gfp_t gfp); 164 165#endif /* _CRYPTO_KRB5_H */