|
Packit |
fd8b60 |
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
|
|
Packit |
fd8b60 |
/*
|
|
Packit |
fd8b60 |
* Copyright (C) 1998 by the FundsXpress, INC.
|
|
Packit |
fd8b60 |
*
|
|
Packit |
fd8b60 |
* All rights reserved.
|
|
Packit |
fd8b60 |
*
|
|
Packit |
fd8b60 |
* Export of this software from the United States of America may require
|
|
Packit |
fd8b60 |
* a specific license from the United States Government. It is the
|
|
Packit |
fd8b60 |
* responsibility of any person or organization contemplating export to
|
|
Packit |
fd8b60 |
* obtain such a license before exporting.
|
|
Packit |
fd8b60 |
*
|
|
Packit |
fd8b60 |
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
|
Packit |
fd8b60 |
* distribute this software and its documentation for any purpose and
|
|
Packit |
fd8b60 |
* without fee is hereby granted, provided that the above copyright
|
|
Packit |
fd8b60 |
* notice appear in all copies and that both that copyright notice and
|
|
Packit |
fd8b60 |
* this permission notice appear in supporting documentation, and that
|
|
Packit |
fd8b60 |
* the name of FundsXpress. not be used in advertising or publicity pertaining
|
|
Packit |
fd8b60 |
* to distribution of the software without specific, written prior
|
|
Packit |
fd8b60 |
* permission. FundsXpress makes no representations about the suitability of
|
|
Packit |
fd8b60 |
* this software for any purpose. It is provided "as is" without express
|
|
Packit |
fd8b60 |
* or implied warranty.
|
|
Packit |
fd8b60 |
*
|
|
Packit |
fd8b60 |
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
|
|
Packit |
fd8b60 |
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
|
Packit |
fd8b60 |
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
|
Packit |
fd8b60 |
*/
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#include "crypto_int.h"
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
/* these will be linear searched. if they ever get big, a binary
|
|
Packit |
fd8b60 |
search or hash table would be better, which means these would need
|
|
Packit |
fd8b60 |
to be sorted. An array would be more efficient, but that assumes
|
|
Packit |
fd8b60 |
that the keytypes are all near each other. I'd rather not make
|
|
Packit |
fd8b60 |
that assumption. */
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
/* Deprecations come from RFC 6649 and RFC 8249. */
|
|
Packit |
fd8b60 |
const struct krb5_keytypes krb5int_enctypes_list[] = {
|
|
Packit Service |
e737ee |
{ ENCTYPE_DES3_CBC_RAW,
|
|
Packit Service |
e737ee |
"des3-cbc-raw", { 0 }, "Triple DES cbc mode raw",
|
|
Packit Service |
e737ee |
&krb5int_enc_des3, NULL,
|
|
Packit Service |
e737ee |
16,
|
|
Packit Service |
e737ee |
krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt,
|
|
Packit Service |
e737ee |
krb5int_dk_string_to_key, k5_rand2key_des3,
|
|
Packit Service |
e737ee |
NULL, /*PRF*/
|
|
Packit Service |
e737ee |
0,
|
|
Packit Service |
e737ee |
ETYPE_WEAK | ETYPE_DEPRECATED, 112 },
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
{ ENCTYPE_DES3_CBC_SHA1,
|
|
Packit Service |
e737ee |
"des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" },
|
|
Packit Service |
e737ee |
"Triple DES cbc mode with HMAC/sha1",
|
|
Packit Service |
e737ee |
&krb5int_enc_des3, &krb5int_hash_sha1,
|
|
Packit Service |
e737ee |
16,
|
|
Packit Service |
e737ee |
krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
|
|
Packit Service |
e737ee |
krb5int_dk_string_to_key, k5_rand2key_des3,
|
|
Packit Service |
e737ee |
krb5int_dk_prf,
|
|
Packit Service |
e737ee |
CKSUMTYPE_HMAC_SHA1_DES3,
|
|
Packit Service |
e737ee |
ETYPE_DEPRECATED, 112 },
|
|
Packit Service |
e737ee |
|
|
Packit |
fd8b60 |
/* rc4-hmac uses a 128-bit key, but due to weaknesses in the RC4 cipher, we
|
|
Packit |
fd8b60 |
* consider its strength degraded and assign it an SSF value of 64. */
|
|
Packit |
fd8b60 |
{ ENCTYPE_ARCFOUR_HMAC,
|
|
Packit |
fd8b60 |
"arcfour-hmac", { "rc4-hmac", "arcfour-hmac-md5" },
|
|
Packit |
fd8b60 |
"ArcFour with HMAC/md5",
|
|
Packit |
fd8b60 |
&krb5int_enc_arcfour,
|
|
Packit |
fd8b60 |
&krb5int_hash_md5,
|
|
Packit |
fd8b60 |
20,
|
|
Packit |
fd8b60 |
krb5int_arcfour_crypto_length, krb5int_arcfour_encrypt,
|
|
Packit |
fd8b60 |
krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
|
|
Packit |
fd8b60 |
k5_rand2key_direct, krb5int_arcfour_prf,
|
|
Packit |
fd8b60 |
CKSUMTYPE_HMAC_MD5_ARCFOUR,
|
|
Packit |
fd8b60 |
ETYPE_DEPRECATED, 64 },
|
|
Packit |
fd8b60 |
{ ENCTYPE_ARCFOUR_HMAC_EXP,
|
|
Packit |
fd8b60 |
"arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" },
|
|
Packit |
fd8b60 |
"Exportable ArcFour with HMAC/md5",
|
|
Packit |
fd8b60 |
&krb5int_enc_arcfour,
|
|
Packit |
fd8b60 |
&krb5int_hash_md5,
|
|
Packit |
fd8b60 |
20,
|
|
Packit |
fd8b60 |
krb5int_arcfour_crypto_length, krb5int_arcfour_encrypt,
|
|
Packit |
fd8b60 |
krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
|
|
Packit |
fd8b60 |
k5_rand2key_direct, krb5int_arcfour_prf,
|
|
Packit |
fd8b60 |
CKSUMTYPE_HMAC_MD5_ARCFOUR,
|
|
Packit |
fd8b60 |
ETYPE_WEAK | ETYPE_DEPRECATED, 40
|
|
Packit |
fd8b60 |
},
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
{ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
|
|
Packit |
fd8b60 |
"aes128-cts-hmac-sha1-96", { "aes128-cts", "aes128-sha1" },
|
|
Packit |
fd8b60 |
"AES-128 CTS mode with 96-bit SHA-1 HMAC",
|
|
Packit |
fd8b60 |
&krb5int_enc_aes128, &krb5int_hash_sha1,
|
|
Packit |
fd8b60 |
16,
|
|
Packit |
fd8b60 |
krb5int_aes_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
|
|
Packit |
fd8b60 |
krb5int_aes_string_to_key, k5_rand2key_direct,
|
|
Packit |
fd8b60 |
krb5int_dk_prf,
|
|
Packit |
fd8b60 |
CKSUMTYPE_HMAC_SHA1_96_AES128,
|
|
Packit |
fd8b60 |
0 /*flags*/, 128 },
|
|
Packit |
fd8b60 |
{ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
|
|
Packit |
fd8b60 |
"aes256-cts-hmac-sha1-96", { "aes256-cts", "aes256-sha1" },
|
|
Packit |
fd8b60 |
"AES-256 CTS mode with 96-bit SHA-1 HMAC",
|
|
Packit |
fd8b60 |
&krb5int_enc_aes256, &krb5int_hash_sha1,
|
|
Packit |
fd8b60 |
16,
|
|
Packit |
fd8b60 |
krb5int_aes_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
|
|
Packit |
fd8b60 |
krb5int_aes_string_to_key, k5_rand2key_direct,
|
|
Packit |
fd8b60 |
krb5int_dk_prf,
|
|
Packit |
fd8b60 |
CKSUMTYPE_HMAC_SHA1_96_AES256,
|
|
Packit |
fd8b60 |
0 /*flags*/, 256 },
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
{ ENCTYPE_CAMELLIA128_CTS_CMAC,
|
|
Packit |
fd8b60 |
"camellia128-cts-cmac", { "camellia128-cts" },
|
|
Packit |
fd8b60 |
"Camellia-128 CTS mode with CMAC",
|
|
Packit |
fd8b60 |
&krb5int_enc_camellia128, NULL,
|
|
Packit |
fd8b60 |
16,
|
|
Packit |
fd8b60 |
krb5int_camellia_crypto_length,
|
|
Packit |
fd8b60 |
krb5int_dk_cmac_encrypt, krb5int_dk_cmac_decrypt,
|
|
Packit |
fd8b60 |
krb5int_camellia_string_to_key, k5_rand2key_direct,
|
|
Packit |
fd8b60 |
krb5int_dk_cmac_prf,
|
|
Packit |
fd8b60 |
CKSUMTYPE_CMAC_CAMELLIA128,
|
|
Packit |
fd8b60 |
0 /*flags*/, 128 },
|
|
Packit |
fd8b60 |
{ ENCTYPE_CAMELLIA256_CTS_CMAC,
|
|
Packit |
fd8b60 |
"camellia256-cts-cmac", { "camellia256-cts" },
|
|
Packit |
fd8b60 |
"Camellia-256 CTS mode with CMAC",
|
|
Packit |
fd8b60 |
&krb5int_enc_camellia256, NULL,
|
|
Packit |
fd8b60 |
16,
|
|
Packit |
fd8b60 |
krb5int_camellia_crypto_length,
|
|
Packit |
fd8b60 |
krb5int_dk_cmac_encrypt, krb5int_dk_cmac_decrypt,
|
|
Packit |
fd8b60 |
krb5int_camellia_string_to_key, k5_rand2key_direct,
|
|
Packit |
fd8b60 |
krb5int_dk_cmac_prf,
|
|
Packit |
fd8b60 |
CKSUMTYPE_CMAC_CAMELLIA256,
|
|
Packit |
fd8b60 |
0 /*flags */, 256 },
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
{ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
|
|
Packit |
fd8b60 |
"aes128-cts-hmac-sha256-128", { "aes128-sha2" },
|
|
Packit |
fd8b60 |
"AES-128 CTS mode with 128-bit SHA-256 HMAC",
|
|
Packit |
fd8b60 |
&krb5int_enc_aes128, &krb5int_hash_sha256,
|
|
Packit |
fd8b60 |
32,
|
|
Packit |
fd8b60 |
krb5int_aes2_crypto_length, krb5int_etm_encrypt, krb5int_etm_decrypt,
|
|
Packit |
fd8b60 |
krb5int_aes2_string_to_key, k5_rand2key_direct,
|
|
Packit |
fd8b60 |
krb5int_aes2_prf,
|
|
Packit |
fd8b60 |
CKSUMTYPE_HMAC_SHA256_128_AES128,
|
|
Packit |
fd8b60 |
0 /*flags*/, 128 },
|
|
Packit |
fd8b60 |
{ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
|
|
Packit |
fd8b60 |
"aes256-cts-hmac-sha384-192", { "aes256-sha2" },
|
|
Packit |
fd8b60 |
"AES-256 CTS mode with 192-bit SHA-384 HMAC",
|
|
Packit |
fd8b60 |
&krb5int_enc_aes256, &krb5int_hash_sha384,
|
|
Packit |
fd8b60 |
48,
|
|
Packit |
fd8b60 |
krb5int_aes2_crypto_length, krb5int_etm_encrypt, krb5int_etm_decrypt,
|
|
Packit |
fd8b60 |
krb5int_aes2_string_to_key, k5_rand2key_direct,
|
|
Packit |
fd8b60 |
krb5int_aes2_prf,
|
|
Packit |
fd8b60 |
CKSUMTYPE_HMAC_SHA384_192_AES256,
|
|
Packit |
fd8b60 |
0 /*flags*/, 256 },
|
|
Packit |
fd8b60 |
};
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
const int krb5int_enctypes_length =
|
|
Packit |
fd8b60 |
sizeof(krb5int_enctypes_list) / sizeof(struct krb5_keytypes);
|