1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 
7 /*
8  * Copyright (C) 1998 by the FundsXpress, INC.
9  *
10  * All rights reserved.
11  *
12  * Export of this software from the United States of America may require
13  * a specific license from the United States Government.  It is the
14  * responsibility of any person or organization contemplating export to
15  * obtain such a license before exporting.
16  *
17  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
18  * distribute this software and its documentation for any purpose and
19  * without fee is hereby granted, provided that the above copyright
20  * notice appear in all copies and that both that copyright notice and
21  * this permission notice appear in supporting documentation, and that
22  * the name of FundsXpress. not be used in advertising or publicity pertaining
23  * to distribution of the software without specific, written prior
24  * permission.  FundsXpress makes no representations about the suitability of
25  * this software for any purpose.  It is provided "as is" without express
26  * or implied warranty.
27  *
28  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
29  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
30  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
31  */
32 
33 #include "k5-int.h"
34 #include "hash_provider.h"
35 #include "keyhash_provider.h"
36 #include "cksumtypes.h"
37 
38 const struct krb5_cksumtypes krb5_cksumtypes_list[] = {
39     { CKSUMTYPE_CRC32, KRB5_CKSUMFLAG_NOT_COLL_PROOF,
40       "crc32", "CRC-32",
41       0, NULL, &krb5int_hash_crc32, 0,
42 #ifdef _KERNEL
43       NULL,
44       CRYPTO_MECH_INVALID
45 #endif /* _KERNEL */
46 },
47 
48     { CKSUMTYPE_DESCBC, 0,
49       "des-cbc", "DES cbc mode",
50       ENCTYPE_DES_CBC_CRC, &krb5int_keyhash_descbc,
51       0,  0,
52 #ifdef _KERNEL
53       NULL,
54       CRYPTO_MECH_INVALID
55 #endif /* _KERNEL */
56 },
57 
58     { CKSUMTYPE_RSA_MD5, 0,
59       "md5", "RSA-MD5",
60       0, NULL, &krb5int_hash_md5, 0,
61 #ifdef _KERNEL
62       SUN_CKM_MD5,
63       CRYPTO_MECH_INVALID
64 #endif /* _KERNEL */
65 },
66     { CKSUMTYPE_RSA_MD5_DES, 0,
67       "md5-des", "RSA-MD5 with DES cbc mode",
68       ENCTYPE_DES_CBC_CRC, &krb5int_keyhash_md5des,
69       0, 0,
70 #ifdef _KERNEL
71       SUN_CKM_MD5,
72       CRYPTO_MECH_INVALID
73 #endif /* _KERNEL */
74 },
75 
76     { CKSUMTYPE_NIST_SHA, 0,
77       "sha", "NIST-SHA",
78       0, NULL, &krb5int_hash_sha1, 0,
79 #ifdef _KERNEL
80       SUN_CKM_SHA1,
81       CRYPTO_MECH_INVALID
82 #endif /* _KERNEL */
83 },
84 
85     { CKSUMTYPE_HMAC_SHA1_DES3, KRB5_CKSUMFLAG_DERIVE,
86       "hmac-sha1-des3", "HMAC-SHA1 DES3 key",
87       0, NULL, &krb5int_hash_sha1, 0,
88 #ifdef _KERNEL
89       SUN_CKM_SHA1_HMAC,
90       CRYPTO_MECH_INVALID
91 #endif /* _KERNEL */
92  },
93     { CKSUMTYPE_HMAC_SHA1_DES3, KRB5_CKSUMFLAG_DERIVE,
94       "hmac-sha1-des3-kd", "HMAC-SHA1 DES3 key", /* alias */
95       0, NULL, &krb5int_hash_sha1, 0,
96 #ifdef _KERNEL
97       SUN_CKM_SHA1_HMAC,
98       CRYPTO_MECH_INVALID
99 #endif /* _KERNEL */
100 },
101     { CKSUMTYPE_HMAC_MD5_ARCFOUR, 0,
102       "hmac-md5-rc4", "Microsoft HMAC MD5 (RC4 key)",
103       ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5,
104       NULL, 0,
105 #ifdef _KERNEL
106       SUN_CKM_MD5,
107       CRYPTO_MECH_INVALID
108 #endif /* _KERNEL */
109     },
110     { CKSUMTYPE_HMAC_MD5_ARCFOUR, 0,
111       "hmac-md5-enc", "Microsoft HMAC MD5 (RC4 key)",  /*Heimdal alias*/
112       ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5,
113       NULL, 0,
114 #ifdef _KERNEL
115       SUN_CKM_MD5,
116       CRYPTO_MECH_INVALID
117 #endif /* _KERNEL */
118     },
119     { CKSUMTYPE_HMAC_MD5_ARCFOUR, 0,
120       "hmac-md5-earcfour", "Microsoft HMAC MD5 (RC4 key)",  /* alias*/
121       ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5,
122       NULL, 0,
123 #ifdef _KERNEL
124       SUN_CKM_MD5,
125       CRYPTO_MECH_INVALID
126 #endif /* _KERNEL */
127     },
128 
129     { CKSUMTYPE_HMAC_SHA1_96_AES128, KRB5_CKSUMFLAG_DERIVE,
130       "hmac-sha1-96-aes128", "HMAC-SHA1 AES128 key",
131 	0, NULL, &krb5int_hash_sha1, 12,
132 #ifdef _KERNEL
133       SUN_CKM_SHA1_HMAC,
134       CRYPTO_MECH_INVALID
135 #endif /* _KERNEL */
136     },
137     { CKSUMTYPE_HMAC_SHA1_96_AES256, KRB5_CKSUMFLAG_DERIVE,
138       "hmac-sha1-96-aes256", "HMAC-SHA1 AES256 key",
139 	0, NULL, &krb5int_hash_sha1, 12,
140 #ifdef _KERNEL
141       SUN_CKM_SHA1_HMAC,
142       CRYPTO_MECH_INVALID
143 #endif /* _KERNEL */
144     }
145 
146 };
147 
148 const int krb5_cksumtypes_length =
149 sizeof(krb5_cksumtypes_list)/sizeof(struct krb5_cksumtypes);
150 
151 /* Solaris Kerberos */
152 #ifdef _KERNEL
153 void
setup_kef_cksumtypes()154 setup_kef_cksumtypes()
155 {
156 	int i;
157 	struct krb5_cksumtypes *ck;
158 
159 	for (i=0; i<krb5_cksumtypes_length; i++) {
160 		ck = (struct krb5_cksumtypes *)&krb5_cksumtypes_list[i];
161 		if (ck != NULL &&
162 		    ck->mt_c_name != NULL &&
163 		    ck->kef_cksum_mt == CRYPTO_MECH_INVALID) {
164 
165 			ck->kef_cksum_mt = crypto_mech2id(ck->mt_c_name);
166 			KRB5_LOG1(KRB5_INFO, "setup_kef_cksumtypes() - "
167 				"%s ==> %ld",
168 				ck->mt_c_name, (ulong_t)ck->kef_cksum_mt);
169 		}
170 	}
171 }
172 #endif /* _KERNEL */
173