/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
57c478bdstevel@tonic-gate
67c478bdstevel@tonic-gate
/*
 * Copyright (C) 1998 by the FundsXpress, INC.
 *
 * All rights reserved.
 *
 * Export of this software from the United States of America may require
 * a specific license from the United States Government.  It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  FundsXpress makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */
327c478bdstevel@tonic-gate
337c478bdstevel@tonic-gate#ifdef	_KERNEL
347c478bdstevel@tonic-gate/* Solaris Kerberos:
357c478bdstevel@tonic-gate * we don't provide these functions to the kernel
367c478bdstevel@tonic-gate */
37159d09aMark Phalan#define	krb5int_des_string_to_key	NULL
387c478bdstevel@tonic-gate#define	krb5_dk_string_to_key	NULL
397c478bdstevel@tonic-gate#define	krb5int_arcfour_string_to_key	NULL
408cd1b71Toomas Soome#endif	/* _KERNEL */
417c478bdstevel@tonic-gate
427c478bdstevel@tonic-gate#include <k5-int.h>
437c478bdstevel@tonic-gate#include <enc_provider.h>
447c478bdstevel@tonic-gate#include <hash_provider.h>
457c478bdstevel@tonic-gate#include <etypes.h>
467c478bdstevel@tonic-gate#include <old.h>
477c478bdstevel@tonic-gate#include <raw.h>
487c478bdstevel@tonic-gate
497c478bdstevel@tonic-gate#include <dk.h>
507c478bdstevel@tonic-gate#include <arcfour.h>
517c478bdstevel@tonic-gate
/*
 * These entries are searched linearly.  If the list ever gets big, a
 * binary search or a hash table would be better, which means the entries
 * would need to be sorted.  An array indexed by keytype would be more
 * efficient, but that assumes that the keytypes are all near each other.
 * I'd rather not make that assumption.
 */
577c478bdstevel@tonic-gate
/*
 * Registry of every encryption-type name this file knows about.
 *
 * Each initializer supplies, in order: the enctype number, the name accepted
 * on input, a human-readable description, the cipher provider, the hash
 * provider (NULL for the "raw" types), the encrypt-length / encrypt / decrypt
 * routines and the required checksum type (0 where none is given).
 *
 * The tail of each entry depends on the build:
 *   - !_KERNEL: one string-to-key function.
 *   - _KERNEL:  the cipher mechanism name, the hash mechanism name (NULL
 *               where no hash mechanism is named), and two mechanism-type
 *               slots that start as CRYPTO_MECH_INVALID.  setup_kef_keytypes()
 *               later fills kef_cipher_mt / kef_hash_mt from mt_e_name /
 *               mt_h_name; the slot order is presumably name, name, id, id.
 * Because the string-to-key slot exists only in the !_KERNEL branch, the
 * NULL macros defined for _KERNEL near the top of the file do not reach
 * this table.
 *
 * Entries marked "alias" repeat an enctype number under another name.
 * Lookups by enctype number in this file stop at the first match.
 *
 * Security note: single-DES and the export-grade RC4 enctypes were
 * deprecated for Kerberos by RFC 6649, and 3DES and RC4 by RFC 8429.  This
 * table only registers names and providers; which enctypes a deployment
 * actually permits is not decided in the code visible here.
 */
struct krb5_keytypes krb5_enctypes_list[] = {
    /* ---------------- single DES ---------------- */
    {
	ENCTYPE_DES_CBC_CRC,
	"des-cbc-crc",
	"DES cbc mode with CRC-32",
	&krb5int_enc_des,
	&krb5int_hash_crc32,
	krb5_old_encrypt_length,
	krb5_old_encrypt,
	krb5_old_decrypt,
	CKSUMTYPE_RSA_MD5,
#ifndef _KERNEL
	krb5int_des_string_to_key,
#else
	SUN_CKM_DES_CBC,
	NULL,			/* no hash mechanism name for CRC-32 */
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_DES_CBC_MD5,
	"des-cbc-md5",
	"DES cbc mode with RSA-MD5",
	&krb5int_enc_des,
	&krb5int_hash_md5,
	krb5_old_encrypt_length,
	krb5_old_encrypt,
	krb5_old_decrypt,
	CKSUMTYPE_RSA_MD5,
#ifndef _KERNEL
	krb5int_des_string_to_key,
#else
	SUN_CKM_DES_CBC,
	SUN_CKM_MD5,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_DES_CBC_MD5,	/* alias */
	"des",
	"DES cbc mode with RSA-MD5",
	&krb5int_enc_des,
	&krb5int_hash_md5,
	krb5_old_encrypt_length,
	krb5_old_encrypt,
	krb5_old_decrypt,
	CKSUMTYPE_RSA_MD5,
#ifndef _KERNEL
	krb5int_des_string_to_key,
#else
	SUN_CKM_DES_CBC,
	SUN_CKM_MD5,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_DES_CBC_RAW,
	"des-cbc-raw",
	"DES cbc mode raw",
	&krb5int_enc_des,
	NULL,			/* raw: no hash provider */
	krb5_raw_encrypt_length,
	krb5_raw_encrypt,
	krb5_raw_decrypt,
	0,
#ifndef _KERNEL
	krb5int_des_string_to_key,
#else
	SUN_CKM_DES_CBC,
	NULL,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },

    /* ---------------- triple DES ---------------- */
    {
	ENCTYPE_DES3_CBC_RAW,
	"des3-cbc-raw",
	"Triple DES cbc mode raw",
	&krb5int_enc_des3,
	NULL,			/* raw: no hash provider */
	krb5_raw_encrypt_length,
	krb5_raw_encrypt,
	krb5_raw_decrypt,
	0,
#ifndef _KERNEL
	krb5int_dk_string_to_key,
#else
	SUN_CKM_DES3_CBC,
	NULL,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_DES3_CBC_SHA1,
	"des3-cbc-sha1",
	"Triple DES cbc mode with HMAC/sha1",
	&krb5int_enc_des3,
	&krb5int_hash_sha1,
	krb5_dk_encrypt_length,
	krb5_dk_encrypt,
	krb5_dk_decrypt,
	CKSUMTYPE_HMAC_SHA1_DES3,
#ifndef _KERNEL
	krb5int_dk_string_to_key,
#else
	SUN_CKM_DES3_CBC,
	SUN_CKM_SHA1_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_DES3_CBC_SHA1,	/* alias */
	"des3-hmac-sha1",
	"Triple DES cbc mode with HMAC/sha1",
	&krb5int_enc_des3,
	&krb5int_hash_sha1,
	krb5_dk_encrypt_length,
	krb5_dk_encrypt,
	krb5_dk_decrypt,
	CKSUMTYPE_HMAC_SHA1_DES3,
#ifndef _KERNEL
	krb5int_dk_string_to_key,
#else
	SUN_CKM_DES3_CBC,
	SUN_CKM_SHA1_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_DES3_CBC_SHA1,	/* alias */
	"des3-cbc-sha1-kd",
	"Triple DES cbc mode with HMAC/sha1",
	&krb5int_enc_des3,
	&krb5int_hash_sha1,
	krb5_dk_encrypt_length,
	krb5_dk_encrypt,
	krb5_dk_decrypt,
	CKSUMTYPE_HMAC_SHA1_DES3,
#ifndef _KERNEL
	krb5int_dk_string_to_key,
#else
	SUN_CKM_DES3_CBC,
	SUN_CKM_SHA1_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    /*
     * des3-cbc-hmac-sha1-kd is the official enctype name associated with
     * 3DES/SHA1 in draft-ietf-krb-wg-crypto-00.txt.
     */
    {
	ENCTYPE_DES3_CBC_SHA1,	/* alias */
	"des3-cbc-hmac-sha1-kd",
	"Triple DES cbc mode with HMAC/sha1",
	&krb5int_enc_des3,
	&krb5int_hash_sha1,
	krb5_dk_encrypt_length,
	krb5_dk_encrypt,
	krb5_dk_decrypt,
	CKSUMTYPE_HMAC_SHA1_DES3,
#ifndef _KERNEL
	krb5int_dk_string_to_key,
#else
	SUN_CKM_DES3_CBC,
	SUN_CKM_SHA1_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },

    /* ---------------- DES with HMAC/sha1 ---------------- */
    {
	ENCTYPE_DES_HMAC_SHA1,
	"des-hmac-sha1",
	"DES with HMAC/sha1",
	&krb5int_enc_des,
	&krb5int_hash_sha1,
	krb5_dk_encrypt_length,
	krb5_dk_encrypt,
	krb5_dk_decrypt,
	0,
#ifndef _KERNEL
	krb5int_dk_string_to_key,
#else
	SUN_CKM_DES_CBC,
	SUN_CKM_SHA1_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },

    /* ---------------- ArcFour (RC4) ---------------- */
    {
	ENCTYPE_ARCFOUR_HMAC,
	"arcfour-hmac",
	"ArcFour with HMAC/md5",
	&krb5int_enc_arcfour,
	&krb5int_hash_md5,
	krb5_arcfour_encrypt_length,
	krb5_arcfour_encrypt,
	krb5_arcfour_decrypt,
	CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
	krb5int_arcfour_string_to_key,
#else
	SUN_CKM_RC4,
	SUN_CKM_MD5_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_ARCFOUR_HMAC,	/* alias */
	"rc4-hmac",
	"ArcFour with HMAC/md5",
	&krb5int_enc_arcfour,
	&krb5int_hash_md5,
	krb5_arcfour_encrypt_length,
	krb5_arcfour_encrypt,
	krb5_arcfour_decrypt,
	CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
	krb5int_arcfour_string_to_key,
#else
	SUN_CKM_RC4,
	SUN_CKM_MD5_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_ARCFOUR_HMAC,	/* alias */
	"arcfour-hmac-md5",
	"ArcFour with HMAC/md5",
	&krb5int_enc_arcfour,
	&krb5int_hash_md5,
	krb5_arcfour_encrypt_length,
	krb5_arcfour_encrypt,
	krb5_arcfour_decrypt,
	CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
	krb5int_arcfour_string_to_key,
#else
	SUN_CKM_RC4,
	SUN_CKM_MD5_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_ARCFOUR_HMAC_EXP,
	"arcfour-hmac-exp",
	"Exportable ArcFour with HMAC/md5",
	&krb5int_enc_arcfour,
	&krb5int_hash_md5,
	krb5_arcfour_encrypt_length,
	krb5_arcfour_encrypt,
	krb5_arcfour_decrypt,
	CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
	krb5int_arcfour_string_to_key,
#else
	SUN_CKM_RC4,
	SUN_CKM_MD5_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_ARCFOUR_HMAC_EXP,	/* alias */
	"rc4-hmac-exp",
	"Exportable ArcFour with HMAC/md5",
	&krb5int_enc_arcfour,
	&krb5int_hash_md5,
	krb5_arcfour_encrypt_length,
	krb5_arcfour_encrypt,
	krb5_arcfour_decrypt,
	CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
	krb5int_arcfour_string_to_key,
#else
	SUN_CKM_RC4,
	SUN_CKM_MD5_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_ARCFOUR_HMAC_EXP,	/* alias */
	"arcfour-hmac-md5-exp",
	"Exportable ArcFour with HMAC/md5",
	&krb5int_enc_arcfour,
	&krb5int_hash_md5,
	krb5_arcfour_encrypt_length,
	krb5_arcfour_encrypt,
	krb5_arcfour_decrypt,
	CKSUMTYPE_HMAC_MD5_ARCFOUR,
#ifndef _KERNEL
	krb5int_arcfour_string_to_key,
#else
	SUN_CKM_RC4,
	SUN_CKM_MD5_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },

    /* ---------------- AES ---------------- */
    /*
     * Note: all AES enctypes must use SUN_CKM_AES_CBC.  See aes_provider.c
     * for more info.
     */
    {
	ENCTYPE_AES128_CTS_HMAC_SHA1_96,
	"aes128-cts-hmac-sha1-96",
	"AES-128 CTS mode with 96-bit SHA-1 HMAC",
	&krb5int_enc_aes128,
	&krb5int_hash_sha1,
	krb5int_aes_encrypt_length,
	krb5int_aes_dk_encrypt,
	krb5int_aes_dk_decrypt,
	CKSUMTYPE_HMAC_SHA1_96_AES128,
#ifndef _KERNEL
	krb5int_aes_string_to_key,
#else
	SUN_CKM_AES_CBC,
	SUN_CKM_SHA1_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_AES128_CTS_HMAC_SHA1_96,	/* short name, same enctype */
	"aes128-cts",
	"AES-128 CTS mode with 96-bit SHA-1 HMAC",
	&krb5int_enc_aes128,
	&krb5int_hash_sha1,
	krb5int_aes_encrypt_length,
	krb5int_aes_dk_encrypt,
	krb5int_aes_dk_decrypt,
	CKSUMTYPE_HMAC_SHA1_96_AES128,
#ifndef _KERNEL
	krb5int_aes_string_to_key,
#else
	SUN_CKM_AES_CBC,
	SUN_CKM_SHA1_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_AES256_CTS_HMAC_SHA1_96,
	"aes256-cts-hmac-sha1-96",
	"AES-256 CTS mode with 96-bit SHA-1 HMAC",
	&krb5int_enc_aes256,
	&krb5int_hash_sha1,
	krb5int_aes_encrypt_length,
	krb5int_aes_dk_encrypt,
	krb5int_aes_dk_decrypt,
	CKSUMTYPE_HMAC_SHA1_96_AES256,
#ifndef _KERNEL
	krb5int_aes_string_to_key,
#else
	SUN_CKM_AES_CBC,
	SUN_CKM_SHA1_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
    {
	ENCTYPE_AES256_CTS_HMAC_SHA1_96,	/* short name, same enctype */
	"aes256-cts",
	"AES-256 CTS mode with 96-bit SHA-1 HMAC",
	&krb5int_enc_aes256,
	&krb5int_hash_sha1,
	krb5int_aes_encrypt_length,
	krb5int_aes_dk_encrypt,
	krb5int_aes_dk_decrypt,
	CKSUMTYPE_HMAC_SHA1_96_AES256,
#ifndef _KERNEL
	krb5int_aes_string_to_key,
#else
	SUN_CKM_AES_CBC,
	SUN_CKM_SHA1_HMAC,
	CRYPTO_MECH_INVALID,
	CRYPTO_MECH_INVALID
#endif /* !_KERNEL */
    },
};
3597c478bdstevel@tonic-gate
/*
 * Number of entries in krb5_enctypes_list, aliases included.  Derived from
 * the array itself so it cannot drift when entries are added or removed.
 */
const int krb5_enctypes_length =
    sizeof (krb5_enctypes_list) / sizeof (krb5_enctypes_list[0]);
3627c478bdstevel@tonic-gate
3637c478bdstevel@tonic-gate#ifdef _KERNEL
3647c478bdstevel@tonic-gate
/*
 * Resolve the mechanism names stored in krb5_enctypes_list to mechanism
 * type ids once, so later lookups do not have to repeat crypto_mech2id().
 *
 * A slot is resolved only while it still holds CRYPTO_MECH_INVALID and the
 * entry carries a non-NULL mechanism name, so calling this again retries
 * just the slots that are still unresolved.  Entries whose hash name is
 * NULL keep kef_hash_mt == CRYPTO_MECH_INVALID.
 *
 * NOTE(review): the result of crypto_mech2id() is stored unchecked; if it
 * can itself be CRYPTO_MECH_INVALID, consumers of kef_cipher_mt and
 * kef_hash_mt must test for that value before using the id -- confirm at
 * the call sites.
 * NOTE(review): the table is written here without any visible locking;
 * presumably this runs before concurrent readers exist -- confirm.
 */
void
setup_kef_keytypes()
{
	struct krb5_keytypes *entry;
	int idx;

	for (idx = 0; idx < krb5_enctypes_length; idx++) {
		entry = &krb5_enctypes_list[idx];

		/* Cipher mechanism: only if unresolved and a name exists. */
		if (entry->mt_e_name != NULL &&
		    entry->kef_cipher_mt == CRYPTO_MECH_INVALID)
			entry->kef_cipher_mt =
			    crypto_mech2id(entry->mt_e_name);

		/* Hash mechanism: same rule as the cipher slot. */
		if (entry->mt_h_name != NULL &&
		    entry->kef_hash_mt == CRYPTO_MECH_INVALID)
			entry->kef_hash_mt =
			    crypto_mech2id(entry->mt_h_name);

		/* The id is cast to ulong_t but printed with %ld. */
		KRB5_LOG1(KRB5_INFO, "setup_kef_keytypes(): %s ==> %ld",
		    entry->mt_e_name, (ulong_t) entry->kef_cipher_mt);
	}
}
3937c478bdstevel@tonic-gate
/*
 * Return the cipher mechanism type recorded for key->enctype.
 *
 * The table is scanned from the start and the first entry whose etype
 * matches wins, so alias entries after it are never consulted.  The
 * context argument is not used.
 *
 * Returns CRYPTO_MECH_INVALID when key is NULL or no entry matches, and
 * also hands back whatever the matching entry's kef_cipher_mt holds, which
 * is still CRYPTO_MECH_INVALID if that slot has not been resolved.
 * Callers therefore have to check the result before using it as a
 * mechanism id.
 */
/*ARGSUSED*/
crypto_mech_type_t
get_cipher_mech_type(krb5_context context, krb5_keyblock *key)
{
	struct krb5_keytypes *entry;
	struct krb5_keytypes *end;

	if (key == NULL)
		return (CRYPTO_MECH_INVALID);

	end = &krb5_enctypes_list[0] + krb5_enctypes_length;
	for (entry = &krb5_enctypes_list[0]; entry < end; entry++) {
		if (entry->etype != key->enctype)
			continue;

		KRB5_LOG1(KRB5_INFO, "get_cipher_mech_type() "
		    "found %s %ld",
		    entry->mt_e_name, (ulong_t) entry->kef_cipher_mt);
		return (entry->kef_cipher_mt);
	}

	return (CRYPTO_MECH_INVALID);
}
4167c478bdstevel@tonic-gate
/*
 * Return the hash mechanism type recorded for key->enctype.
 *
 * The table is scanned from the start and the first entry whose etype
 * matches wins.  The context argument is not used.
 *
 * Returns CRYPTO_MECH_INVALID when key is NULL or no entry matches.  A
 * matching entry can also yield CRYPTO_MECH_INVALID: entries whose hash
 * mechanism name is NULL in the table are skipped by setup_kef_keytypes()
 * and keep their initial value.  Callers have to check the result before
 * using it as a mechanism id.
 *
 * NOTE(review): for those same entries mt_h_name is NULL and is passed to
 * the "%s" conversion in the log call below -- confirm KRB5_LOG1 tolerates
 * a NULL string argument.
 */
/*ARGSUSED*/
crypto_mech_type_t
get_hash_mech_type(krb5_context context, krb5_keyblock *key)
{
	struct krb5_keytypes *entry;
	struct krb5_keytypes *end;

	if (key == NULL)
		return (CRYPTO_MECH_INVALID);

	end = &krb5_enctypes_list[0] + krb5_enctypes_length;
	for (entry = &krb5_enctypes_list[0]; entry < end; entry++) {
		if (entry->etype != key->enctype)
			continue;

		KRB5_LOG1(KRB5_INFO, "get_hash_mech_type() "
		    "found %s %ld",
		    entry->mt_h_name, (ulong_t) entry->kef_hash_mt);
		return (entry->kef_hash_mt);
	}

	return (CRYPTO_MECH_INVALID);
}
4397c478bdstevel@tonic-gate
4407c478bdstevel@tonic-gate#endif /* _KERNEL */
441