/* SPDX-License-Identifier: GPL-2.0 or BSD-3-Clause */ /* * SunRPC GSS Kerberos 5 mechanism internal definitions * * Copyright (c) 2022 Oracle and/or its affiliates. */ #ifndef _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H #define _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H /* * The RFCs often specify payload lengths in bits. This helper * converts a specified bit-length to the number of octets/bytes. */ #define BITS2OCTETS(x) … struct krb5_ctx; struct gss_krb5_enctype { … }; /* krb5_ctx flags definitions */ #define KRB5_CTX_FLAG_INITIATOR … #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY … struct krb5_ctx { … }; /* * GSS Kerberos 5 mechanism Per-Message calls. */ u32 gss_krb5_get_mic_v2(struct krb5_ctx *ctx, struct xdr_buf *text, struct xdr_netobj *token); u32 gss_krb5_verify_mic_v2(struct krb5_ctx *ctx, struct xdr_buf *message_buffer, struct xdr_netobj *read_token); u32 gss_krb5_wrap_v2(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf, struct page **pages); u32 gss_krb5_unwrap_v2(struct krb5_ctx *kctx, int offset, int len, struct xdr_buf *buf, unsigned int *slack, unsigned int *align); /* * Implementation internal functions */ /* Key Derivation Functions */ int krb5_derive_key_v2(const struct gss_krb5_enctype *gk5e, const struct xdr_netobj *inkey, struct xdr_netobj *outkey, const struct xdr_netobj *label, gfp_t gfp_mask); int krb5_kdf_hmac_sha2(const struct gss_krb5_enctype *gk5e, const struct xdr_netobj *inkey, struct xdr_netobj *outkey, const struct xdr_netobj *in_constant, gfp_t gfp_mask); int krb5_kdf_feedback_cmac(const struct gss_krb5_enctype *gk5e, const struct xdr_netobj *inkey, struct xdr_netobj *outkey, const struct xdr_netobj *in_constant, gfp_t gfp_mask); /** * krb5_derive_key - Derive a subkey from a protocol key * @kctx: Kerberos 5 context * @inkey: base protocol key * @outkey: OUT: derived key * @usage: key usage value * @seed: key usage seed (one octet) * @gfp_mask: memory allocation control flags * * Caller sets @outkey->len to the desired length of the derived key. * * On success, returns 0 and fills in @outkey. A negative errno value * is returned on failure. */ static inline int krb5_derive_key(struct krb5_ctx *kctx, const struct xdr_netobj *inkey, struct xdr_netobj *outkey, u32 usage, u8 seed, gfp_t gfp_mask) { … } void krb5_make_confounder(u8 *p, int conflen); u32 make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen, struct xdr_buf *body, int body_offset, u8 *cksumkey, unsigned int usage, struct xdr_netobj *cksumout); u32 gss_krb5_checksum(struct crypto_ahash *tfm, char *header, int hdrlen, const struct xdr_buf *body, int body_offset, struct xdr_netobj *cksumout); u32 krb5_encrypt(struct crypto_sync_skcipher *key, void *iv, void *in, void *out, int length); u32 krb5_decrypt(struct crypto_sync_skcipher *key, void *iv, void *in, void *out, int length); int xdr_extend_head(struct xdr_buf *buf, unsigned int base, unsigned int shiftlen); int gss_encrypt_xdr_buf(struct crypto_sync_skcipher *tfm, struct xdr_buf *outbuf, int offset, struct page **pages); int gss_decrypt_xdr_buf(struct crypto_sync_skcipher *tfm, struct xdr_buf *inbuf, int offset); u32 gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset, struct xdr_buf *buf, struct page **pages); u32 gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len, struct xdr_buf *buf, u32 *plainoffset, u32 *plainlen); u32 krb5_etm_encrypt(struct krb5_ctx *kctx, u32 offset, struct xdr_buf *buf, struct page **pages); u32 krb5_etm_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len, struct xdr_buf *buf, u32 *headskip, u32 *tailskip); #if IS_ENABLED(CONFIG_KUNIT) void krb5_nfold(u32 inbits, const u8 *in, u32 outbits, u8 *out); const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype); int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm, struct crypto_sync_skcipher *cbc_tfm, u32 offset, struct xdr_buf *buf, struct page **pages, u8 *iv, unsigned int ivsize); int krb5_cbc_cts_decrypt(struct crypto_sync_skcipher *cts_tfm, struct crypto_sync_skcipher *cbc_tfm, u32 offset, struct xdr_buf *buf); u32 krb5_etm_checksum(struct crypto_sync_skcipher *cipher, struct crypto_ahash *tfm, const struct xdr_buf *body, int body_offset, struct xdr_netobj *cksumout); #endif #endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */
Codebase Browser
linux