/* SPDX-License-Identifier: GPL-2.0 or BSD-3-Clause */ /* * SunRPC GSS Kerberos 5 mechanism internal definitions * * Copyright (c) 2022 Oracle and/or its affiliates. #ifndef _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H#define _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H/* * The RFCs often specify payload lengths in bits. This helper * converts a specified bit-length to the number of octets/bytes. #define BITS2OCTETS(x) ((x) / 8)struct krb5_ctx;struct gss_krb5_enctype {const u32 etype; /* encryption (key) type */ const u32 ctype; /* checksum type */ const char *name; /* "friendly" name */ const char *encrypt_name; /* crypto encrypt name */ const char *aux_cipher; /* aux encrypt cipher name */ const char *cksum_name; /* crypto checksum name */ const u16 signalg; /* signing algorithm */ const u16 sealalg; /* sealing algorithm */ const u32 cksumlength; /* checksum length */ const u32 keyed_cksum; /* is it a keyed cksum? */ const u32 keybytes; /* raw key len, in bytes */ const u32 keylength; /* protocol key length, in octets */ const u32 Kc_length; /* checksum subkey length, in octets */ const u32 Ke_length; /* encryption subkey length, in octets */ const u32 Ki_length; /* integrity subkey length, in octets */ int (*derive_key)(const struct gss_krb5_enctype *gk5e,const struct xdr_netobj *in,struct xdr_netobj *out,const struct xdr_netobj *label,struct krb5_ctx *kctx, u32 offset,struct xdr_buf *buf, struct page **pages);struct krb5_ctx *kctx, u32 offset, u32 len,struct xdr_buf *buf, u32 *headskip, u32 *tailskip);struct krb5_ctx *kctx, struct xdr_buf *text,struct xdr_netobj *token);struct krb5_ctx *kctx, struct xdr_buf *message_buffer,struct xdr_netobj *read_token);struct krb5_ctx *kctx, int offset,struct xdr_buf *buf, struct page **pages);struct krb5_ctx *kctx, int offset, int len,struct xdr_buf *buf, unsigned int *slack,unsigned int *align);/* krb5_ctx flags definitions */ #define KRB5_CTX_FLAG_INITIATOR 0x00000001#define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004struct krb5_ctx {int initiate; /* 1 = initiating, 0 = accepting */ const struct gss_krb5_enctype *gk5e; /* enctype-specific info */ struct crypto_sync_skcipher *enc;struct crypto_sync_skcipher *seq;struct crypto_sync_skcipher *acceptor_enc;struct crypto_sync_skcipher *initiator_enc;struct crypto_sync_skcipher *acceptor_enc_aux;struct crypto_sync_skcipher *initiator_enc_aux;struct crypto_ahash *acceptor_sign;struct crypto_ahash *initiator_sign;struct crypto_ahash *initiator_integ;struct crypto_ahash *acceptor_integ;/* session key */ struct xdr_netobj mech_used;/* * GSS Kerberos 5 mechanism Per-Message calls. struct krb5_ctx *ctx, struct xdr_buf *text,struct xdr_netobj *token);struct krb5_ctx *ctx, struct xdr_buf *message_buffer,struct xdr_netobj *read_token);struct krb5_ctx *kctx, int offset,struct xdr_buf *buf, struct page **pages);struct krb5_ctx *kctx, int offset, int len,struct xdr_buf *buf, unsigned int *slack,unsigned int *align);/* * Implementation internal functions /* Key Derivation Functions */ int krb5_derive_key_v2(const struct gss_krb5_enctype *gk5e,const struct xdr_netobj *inkey,struct xdr_netobj *outkey,const struct xdr_netobj *label,int krb5_kdf_hmac_sha2(const struct gss_krb5_enctype *gk5e,const struct xdr_netobj *inkey,struct xdr_netobj *outkey,const struct xdr_netobj *in_constant,int krb5_kdf_feedback_cmac(const struct gss_krb5_enctype *gk5e,const struct xdr_netobj *inkey,struct xdr_netobj *outkey,const struct xdr_netobj *in_constant,/** * krb5_derive_key - Derive a subkey from a protocol key * @kctx: Kerberos 5 context * @inkey: base protocol key * @outkey: OUT: derived key * @usage: key usage value * @seed: key usage seed (one octet) * @gfp_mask: memory allocation control flags * * Caller sets @outkey->len to the desired length of the derived key. * * On success, returns 0 and fills in @outkey. A negative errno value * is returned on failure. static inline int krb5_derive_key(struct krb5_ctx *kctx,const struct xdr_netobj *inkey,struct xdr_netobj *outkey,const struct gss_krb5_enctype *gk5e = kctx->gk5e;struct xdr_netobj label = {sizeof (label_data),return gk5e->derive_key(gk5e, inkey, outkey, &label, gfp_mask);void krb5_make_confounder(u8 *p, int conflen);struct crypto_ahash *tfm, char *header, int hdrlen,const struct xdr_buf *body, int body_offset,struct xdr_netobj *cksumout);struct crypto_sync_skcipher *key, void *iv, void *in,void *out, int length);int xdr_extend_head(struct xdr_buf *buf, unsigned int base,unsigned int shiftlen);struct krb5_ctx *kctx, u32 offset,struct xdr_buf *buf, struct page **pages);struct krb5_ctx *kctx, u32 offset, u32 len,struct xdr_buf *buf, u32 *plainoffset, u32 *plainlen);struct krb5_ctx *kctx, u32 offset, struct xdr_buf *buf,struct page **pages);struct krb5_ctx *kctx, u32 offset, u32 len,struct xdr_buf *buf, u32 *headskip, u32 *tailskip);#if IS_ENABLED(CONFIG_KUNIT)void krb5_nfold(u32 inbits, const u8 *in, u32 outbits, u8 *out);const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype);int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,struct crypto_sync_skcipher *cbc_tfm, u32 offset,struct xdr_buf *buf, struct page **pages,unsigned int ivsize);int krb5_cbc_cts_decrypt(struct crypto_sync_skcipher *cts_tfm,struct crypto_sync_skcipher *cbc_tfm,struct xdr_buf *buf);struct crypto_sync_skcipher *cipher,struct crypto_ahash *tfm, const struct xdr_buf *body,int body_offset, struct xdr_netobj *cksumout);#endif #endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */
Messung V0.5 C=92 H=96 G=93
¤ Dauer der Verarbeitung: 0.0 Sekunden
(vorverarbeitet)
¤ *© Formatika GbR, Deutschland
