17c478bd9Sstevel@tonic-gate /*
2159d09a2SMark Phalan  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
37c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate  */
57c478bd9Sstevel@tonic-gate 
67c478bd9Sstevel@tonic-gate 
77c478bd9Sstevel@tonic-gate /*
87c478bd9Sstevel@tonic-gate  * Copyright (C) 1998 by the FundsXpress, INC.
97c478bd9Sstevel@tonic-gate  *
107c478bd9Sstevel@tonic-gate  * All rights reserved.
117c478bd9Sstevel@tonic-gate  *
127c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may require
137c478bd9Sstevel@tonic-gate  * a specific license from the United States Government.  It is the
147c478bd9Sstevel@tonic-gate  * responsibility of any person or organization contemplating export to
157c478bd9Sstevel@tonic-gate  * obtain such a license before exporting.
167c478bd9Sstevel@tonic-gate  *
177c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
187c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
197c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
207c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
217c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
227c478bd9Sstevel@tonic-gate  * the name of FundsXpress. not be used in advertising or publicity pertaining
237c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
247c478bd9Sstevel@tonic-gate  * permission.  FundsXpress makes no representations about the suitability of
257c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
267c478bd9Sstevel@tonic-gate  * or implied warranty.
277c478bd9Sstevel@tonic-gate  *
287c478bd9Sstevel@tonic-gate  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
297c478bd9Sstevel@tonic-gate  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
307c478bd9Sstevel@tonic-gate  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
317c478bd9Sstevel@tonic-gate  */
327c478bd9Sstevel@tonic-gate 
#ifdef	_KERNEL
/*
 * Solaris Kerberos: the string-to-key routines are not provided to the
 * kernel, so their names are mapped to NULL here.
 *
 * NOTE(review): the enctype table in this file spells the derived-key
 * routine krb5int_dk_string_to_key, while the macro below defines
 * krb5_dk_string_to_key.  The table only names these routines under
 * #ifndef _KERNEL, so the mismatch looks harmless -- confirm.
 */
#define	krb5int_des_string_to_key	NULL
#define	krb5_dk_string_to_key	NULL
#define	krb5int_arcfour_string_to_key	NULL
#endif	/* _KERNEL */
417c478bd9Sstevel@tonic-gate 
427c478bd9Sstevel@tonic-gate #include <k5-int.h>
437c478bd9Sstevel@tonic-gate #include <enc_provider.h>
447c478bd9Sstevel@tonic-gate #include <hash_provider.h>
457c478bd9Sstevel@tonic-gate #include <etypes.h>
467c478bd9Sstevel@tonic-gate #include <old.h>
477c478bd9Sstevel@tonic-gate #include <raw.h>
487c478bd9Sstevel@tonic-gate 
497c478bd9Sstevel@tonic-gate #include <dk.h>
507c478bd9Sstevel@tonic-gate #include <arcfour.h>
517c478bd9Sstevel@tonic-gate 
/*
 * These entries are searched linearly.  If the list ever gets big, a
 * binary search or hash table would be better, which means the entries
 * would need to be sorted.  An array would be more efficient, but that
 * assumes that the keytypes are all near each other.  I'd rather not
 * make that assumption.
 */
577c478bd9Sstevel@tonic-gate 
/*
 * Table of every encryption type known to this build, including name
 * aliases (several entries share one ENCTYPE_* value and differ only in
 * the name string).
 *
 * Each entry lists, in order: the enctype number, its name, a
 * description, the cipher provider, the hash provider (NULL where there
 * is none), the length/encrypt/decrypt routines and the required
 * checksum type.  Userland builds then add the string-to-key routine;
 * kernel builds instead add the KEF cipher and hash mechanism names
 * followed by two mechanism ids that start out as CRYPTO_MECH_INVALID.
 *
 * Security note: single DES and RC4-HMAC-EXP are deprecated by RFC 6649,
 * and Triple DES and RC4-HMAC by RFC 8429.  This table only registers
 * the algorithms; which of them may actually be negotiated is decided
 * elsewhere (presumably by the permitted/default enctype configuration
 * -- confirm), and that is where the weak ones should be disabled.
 */
struct krb5_keytypes krb5_enctypes_list[] = {
    { ENCTYPE_DES_CBC_CRC,
      "des-cbc-crc", "DES cbc mode with CRC-32",
      &krb5int_enc_des, &krb5int_hash_crc32,
      krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
      CKSUMTYPE_RSA_MD5,
#ifndef _KERNEL
      krb5int_des_string_to_key,
#else
      SUN_CKM_DES_CBC,
      NULL,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_DES_CBC_MD5,
      "des-cbc-md5", "DES cbc mode with RSA-MD5",
      &krb5int_enc_des, &krb5int_hash_md5,
      krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
      CKSUMTYPE_RSA_MD5,
#ifndef _KERNEL
      krb5int_des_string_to_key,
#else
      SUN_CKM_DES_CBC,
      SUN_CKM_MD5,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_DES_CBC_MD5,
      "des", "DES cbc mode with RSA-MD5", /* alias */
      &krb5int_enc_des, &krb5int_hash_md5,
      krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
      CKSUMTYPE_RSA_MD5,
#ifndef _KERNEL
      krb5int_des_string_to_key,
#else
      SUN_CKM_DES_CBC,
      SUN_CKM_MD5,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_DES_CBC_RAW,
      "des-cbc-raw", "DES cbc mode raw",
      &krb5int_enc_des, NULL,
      krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
      0,
#ifndef _KERNEL
      krb5int_des_string_to_key,
#else
      SUN_CKM_DES_CBC,
      NULL,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },

    { ENCTYPE_DES3_CBC_RAW,
      "des3-cbc-raw", "Triple DES cbc mode raw",
      &krb5int_enc_des3, NULL,
      krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
      0,
#ifndef _KERNEL
      krb5int_dk_string_to_key,
#else
      SUN_CKM_DES3_CBC,
      NULL,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },

    { ENCTYPE_DES3_CBC_SHA1,
      "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
      &krb5int_enc_des3, &krb5int_hash_sha1,
      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
      CKSUMTYPE_HMAC_SHA1_DES3,
#ifndef _KERNEL
      krb5int_dk_string_to_key,
#else
      SUN_CKM_DES3_CBC,
      SUN_CKM_SHA1_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_DES3_CBC_SHA1,	/* alias */
      "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
      &krb5int_enc_des3, &krb5int_hash_sha1,
      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
      CKSUMTYPE_HMAC_SHA1_DES3,
#ifndef _KERNEL
      krb5int_dk_string_to_key,
#else
      SUN_CKM_DES3_CBC,
      SUN_CKM_SHA1_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_DES3_CBC_SHA1,	/* alias */
      "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
      &krb5int_enc_des3, &krb5int_hash_sha1,
      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
      CKSUMTYPE_HMAC_SHA1_DES3,
#ifndef _KERNEL
      krb5int_dk_string_to_key,
#else
      SUN_CKM_DES3_CBC,
      SUN_CKM_SHA1_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    /*
     * des3-cbc-hmac-sha1-kd is the official enctype name associated with
     * 3DES/SHA1 in draft-ietf-krb-wg-crypto-00.txt
     */
    { ENCTYPE_DES3_CBC_SHA1,	/* alias */
      "des3-cbc-hmac-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
      &krb5int_enc_des3, &krb5int_hash_sha1,
      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
      CKSUMTYPE_HMAC_SHA1_DES3,
#ifndef _KERNEL
      krb5int_dk_string_to_key,
#else
      SUN_CKM_DES3_CBC,
      SUN_CKM_SHA1_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },

    { ENCTYPE_DES_HMAC_SHA1,
      "des-hmac-sha1", "DES with HMAC/sha1",
      &krb5int_enc_des, &krb5int_hash_sha1,
      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
      0,
#ifndef _KERNEL
      krb5int_dk_string_to_key,
#else
      SUN_CKM_DES_CBC,
      SUN_CKM_SHA1_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_ARCFOUR_HMAC,
      "arcfour-hmac", "ArcFour with HMAC/md5",
      &krb5int_enc_arcfour, &krb5int_hash_md5,
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt,
      CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
      krb5int_arcfour_string_to_key,
#else
      SUN_CKM_RC4,
      SUN_CKM_MD5_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_ARCFOUR_HMAC,	/* alias */
      "rc4-hmac", "ArcFour with HMAC/md5",
      &krb5int_enc_arcfour, &krb5int_hash_md5,
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt,
      CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
      krb5int_arcfour_string_to_key,
#else
      SUN_CKM_RC4,
      SUN_CKM_MD5_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_ARCFOUR_HMAC,	/* alias */
      "arcfour-hmac-md5", "ArcFour with HMAC/md5",
      &krb5int_enc_arcfour, &krb5int_hash_md5,
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt,
      CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
      krb5int_arcfour_string_to_key,
#else
      SUN_CKM_RC4,
      SUN_CKM_MD5_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_ARCFOUR_HMAC_EXP,
      "arcfour-hmac-exp", "Exportable ArcFour with HMAC/md5",
      &krb5int_enc_arcfour, &krb5int_hash_md5,
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt,
      CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
      krb5int_arcfour_string_to_key,
#else
      SUN_CKM_RC4,
      SUN_CKM_MD5_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_ARCFOUR_HMAC_EXP,	/* alias */
      "rc4-hmac-exp", "Exportable ArcFour with HMAC/md5",
      &krb5int_enc_arcfour, &krb5int_hash_md5,
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt,
      CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
      krb5int_arcfour_string_to_key,
#else
      SUN_CKM_RC4,
      SUN_CKM_MD5_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_ARCFOUR_HMAC_EXP,	/* alias */
      "arcfour-hmac-md5-exp", "Exportable ArcFour with HMAC/md5",
      &krb5int_enc_arcfour, &krb5int_hash_md5,
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt,
      CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
      krb5int_arcfour_string_to_key,
#else
      SUN_CKM_RC4,
      SUN_CKM_MD5_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },

    /*
     * Note: every AES enctype must use SUN_CKM_AES_CBC as its kernel
     * cipher mechanism.  See aes_provider.c for more info.
     */
    { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
      "aes128-cts-hmac-sha1-96", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
      &krb5int_enc_aes128, &krb5int_hash_sha1,
      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
      CKSUMTYPE_HMAC_SHA1_96_AES128,
#ifndef _KERNEL
      krb5int_aes_string_to_key,
#else
      SUN_CKM_AES_CBC,
      SUN_CKM_SHA1_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
      "aes128-cts", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
      &krb5int_enc_aes128, &krb5int_hash_sha1,
      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
      CKSUMTYPE_HMAC_SHA1_96_AES128,
#ifndef _KERNEL
      krb5int_aes_string_to_key,
#else
      SUN_CKM_AES_CBC,
      SUN_CKM_SHA1_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
      "aes256-cts-hmac-sha1-96", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
      &krb5int_enc_aes256, &krb5int_hash_sha1,
      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
      CKSUMTYPE_HMAC_SHA1_96_AES256,
#ifndef _KERNEL
      krb5int_aes_string_to_key,
#else
      SUN_CKM_AES_CBC,
      SUN_CKM_SHA1_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
      "aes256-cts", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
      &krb5int_enc_aes256, &krb5int_hash_sha1,
      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
      CKSUMTYPE_HMAC_SHA1_96_AES256,
#ifndef _KERNEL
      krb5int_aes_string_to_key,
#else
      SUN_CKM_AES_CBC,
      SUN_CKM_SHA1_HMAC,
      CRYPTO_MECH_INVALID,
      CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
};
3597c478bd9Sstevel@tonic-gate 
/* Number of entries (aliases included) in krb5_enctypes_list. */
const int krb5_enctypes_length =
    sizeof (krb5_enctypes_list) / sizeof (struct krb5_keytypes);
3627c478bd9Sstevel@tonic-gate 
3637c478bd9Sstevel@tonic-gate #ifdef _KERNEL
3647c478bd9Sstevel@tonic-gate 
/*
 * Pre-fetch the KEF mechanism types for every entry in krb5_enctypes_list
 * so the name-to-id translation is not repeated on later lookups.
 *
 * For each entry, a cipher or hash mechanism id that is still
 * CRYPTO_MECH_INVALID and has a non-NULL mechanism name is replaced by the
 * result of crypto_mech2id().  Entries whose hash mechanism name is NULL
 * keep CRYPTO_MECH_INVALID for the hash id.
 *
 * NOTE(review): the table is updated with no locking visible in this file;
 * presumably this runs once during module setup -- confirm.
 */
void
setup_kef_keytypes()
{
	int idx;

	for (idx = 0; idx < krb5_enctypes_length; idx++) {
		struct krb5_keytypes *entry = &krb5_enctypes_list[idx];

		/* Resolve the cipher mechanism only if not cached yet. */
		if (entry->mt_e_name != NULL &&
		    entry->kef_cipher_mt == CRYPTO_MECH_INVALID)
			entry->kef_cipher_mt = crypto_mech2id(entry->mt_e_name);

		/* Same for the hash mechanism, when the entry names one. */
		if (entry->mt_h_name != NULL &&
		    entry->kef_hash_mt == CRYPTO_MECH_INVALID)
			entry->kef_hash_mt = crypto_mech2id(entry->mt_h_name);

		KRB5_LOG1(KRB5_INFO, "setup_kef_keytypes(): %s ==> %ld",
		    entry->mt_e_name,
		    (ulong_t) entry->kef_cipher_mt);
	}
}
3937c478bd9Sstevel@tonic-gate 
/*
 * Return the cached KEF cipher mechanism id for the enctype of `key'.
 *
 * The first entry of krb5_enctypes_list whose etype equals key->enctype
 * supplies the answer.  CRYPTO_MECH_INVALID is returned when key is NULL
 * or no entry matches.  The id is returned exactly as stored in the table,
 * so it is also CRYPTO_MECH_INVALID if it was never resolved; callers
 * should check the result before using it.  `context' is not used.
 */
/*ARGSUSED*/
crypto_mech_type_t
get_cipher_mech_type(krb5_context context, krb5_keyblock *key)
{
	struct krb5_keytypes *entry;
	int idx;

	if (key == NULL)
		return (CRYPTO_MECH_INVALID);

	for (idx = 0; idx < krb5_enctypes_length; idx++) {
		entry = &krb5_enctypes_list[idx];
		if (entry->etype != key->enctype)
			continue;

		KRB5_LOG1(KRB5_INFO, "get_cipher_mech_type() "
		    "found %s %ld",
		    entry->mt_e_name,
		    (ulong_t) entry->kef_cipher_mt);
		return (entry->kef_cipher_mt);
	}

	/* Enctype not present in the table. */
	return (CRYPTO_MECH_INVALID);
}
4167c478bd9Sstevel@tonic-gate 
/*
 * Return the cached KEF hash mechanism id for the enctype of `key'.
 *
 * The first entry of krb5_enctypes_list whose etype equals key->enctype
 * supplies the answer.  CRYPTO_MECH_INVALID is returned when key is NULL
 * or no entry matches.  Table entries that name no hash mechanism
 * (mt_h_name is NULL) never have their hash id resolved, so for those
 * enctypes the stored value returned here is CRYPTO_MECH_INVALID as well;
 * callers should check the result before using it.  `context' is not used.
 */
/*ARGSUSED*/
crypto_mech_type_t
get_hash_mech_type(krb5_context context, krb5_keyblock *key)
{
	struct krb5_keytypes *entry;
	int idx;

	if (key == NULL)
		return (CRYPTO_MECH_INVALID);

	for (idx = 0; idx < krb5_enctypes_length; idx++) {
		entry = &krb5_enctypes_list[idx];
		if (entry->etype != key->enctype)
			continue;

		/*
		 * NOTE(review): mt_h_name is NULL for entries without a hash
		 * mechanism and is handed to the %s conversion as-is; confirm
		 * the logging macro tolerates a NULL string.
		 */
		KRB5_LOG1(KRB5_INFO, "get_hash_mech_type() "
		    "found %s %ld",
		    entry->mt_h_name,
		    (ulong_t) entry->kef_hash_mt);
		return (entry->kef_hash_mt);
	}

	/* Enctype not present in the table. */
	return (CRYPTO_MECH_INVALID);
}
4397c478bd9Sstevel@tonic-gate 
4407c478bd9Sstevel@tonic-gate #endif /* _KERNEL */