Lines Matching +full:p +full:- +full:256
1 // SPDX-License-Identifier: BSD-3-Clause
5 * Copyright (c) 2001-2008 The Regents of the University of Michigan.
36 * AES-128 with SHA-1 (RFC 3962)
41 .name = "aes128-cts",
54 .signalg = -1,
55 .sealalg = -1,
65 * AES-256 with SHA-1 (RFC 3962)
70 .name = "aes256-cts",
83 .signalg = -1,
84 .sealalg = -1,
86 .keylength = BITS2OCTETS(256),
87 .Kc_length = BITS2OCTETS(256),
88 .Ke_length = BITS2OCTETS(256),
89 .Ki_length = BITS2OCTETS(256),
97 * Camellia-128 with CMAC (RFC 6803)
102 .name = "camellia128-cts-cmac",
123 * Camellia-256 with CMAC (RFC 6803)
128 .name = "camellia256-cts-cmac",
134 .keylength = BITS2OCTETS(256),
135 .Kc_length = BITS2OCTETS(256),
136 .Ke_length = BITS2OCTETS(256),
137 .Ki_length = BITS2OCTETS(256),
152 * AES-128 with SHA-256 (RFC 8009)
157 .name = "aes128-cts-hmac-sha256-128",
178 * AES-256 with SHA-384 (RFC 8009)
183 .name = "aes256-cts-hmac-sha384-192",
189 .keylength = BITS2OCTETS(256),
191 .Ke_length = BITS2OCTETS(256),
248 * gss_krb5_lookup_enctype - Retrieve profile information for a given enctype
274 if (crypto_sync_skcipher_setkey(tfm, key->data, key->len)) { in gss_krb5_alloc_cipher_v2()
286 tfm = crypto_alloc_ahash(kctx->gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); in gss_krb5_alloc_hash_v2()
289 if (crypto_ahash_setkey(tfm, key->data, key->len)) { in gss_krb5_alloc_hash_v2()
300 .len = ctx->gk5e->keylength, in gss_krb5_import_ctx_v2()
301 .data = ctx->Ksess, in gss_krb5_import_ctx_v2()
304 int ret = -EINVAL; in gss_krb5_import_ctx_v2()
308 return -ENOMEM; in gss_krb5_import_ctx_v2()
311 keyout.len = ctx->gk5e->Ke_length; in gss_krb5_import_ctx_v2()
315 ctx->initiator_enc = gss_krb5_alloc_cipher_v2(ctx->gk5e->encrypt_name, in gss_krb5_import_ctx_v2()
317 if (ctx->initiator_enc == NULL) in gss_krb5_import_ctx_v2()
319 if (ctx->gk5e->aux_cipher) { in gss_krb5_import_ctx_v2()
320 ctx->initiator_enc_aux = in gss_krb5_import_ctx_v2()
321 gss_krb5_alloc_cipher_v2(ctx->gk5e->aux_cipher, in gss_krb5_import_ctx_v2()
323 if (ctx->initiator_enc_aux == NULL) in gss_krb5_import_ctx_v2()
331 ctx->acceptor_enc = gss_krb5_alloc_cipher_v2(ctx->gk5e->encrypt_name, in gss_krb5_import_ctx_v2()
333 if (ctx->acceptor_enc == NULL) in gss_krb5_import_ctx_v2()
335 if (ctx->gk5e->aux_cipher) { in gss_krb5_import_ctx_v2()
336 ctx->acceptor_enc_aux = in gss_krb5_import_ctx_v2()
337 gss_krb5_alloc_cipher_v2(ctx->gk5e->aux_cipher, in gss_krb5_import_ctx_v2()
339 if (ctx->acceptor_enc_aux == NULL) in gss_krb5_import_ctx_v2()
344 keyout.len = ctx->gk5e->Kc_length; in gss_krb5_import_ctx_v2()
348 ctx->initiator_sign = gss_krb5_alloc_hash_v2(ctx, &keyout); in gss_krb5_import_ctx_v2()
349 if (ctx->initiator_sign == NULL) in gss_krb5_import_ctx_v2()
356 ctx->acceptor_sign = gss_krb5_alloc_hash_v2(ctx, &keyout); in gss_krb5_import_ctx_v2()
357 if (ctx->acceptor_sign == NULL) in gss_krb5_import_ctx_v2()
361 keyout.len = ctx->gk5e->Ki_length; in gss_krb5_import_ctx_v2()
365 ctx->initiator_integ = gss_krb5_alloc_hash_v2(ctx, &keyout); in gss_krb5_import_ctx_v2()
366 if (ctx->initiator_integ == NULL) in gss_krb5_import_ctx_v2()
373 ctx->acceptor_integ = gss_krb5_alloc_hash_v2(ctx, &keyout); in gss_krb5_import_ctx_v2()
374 if (ctx->acceptor_integ == NULL) in gss_krb5_import_ctx_v2()
383 crypto_free_ahash(ctx->acceptor_integ); in gss_krb5_import_ctx_v2()
384 crypto_free_ahash(ctx->initiator_integ); in gss_krb5_import_ctx_v2()
385 crypto_free_ahash(ctx->acceptor_sign); in gss_krb5_import_ctx_v2()
386 crypto_free_ahash(ctx->initiator_sign); in gss_krb5_import_ctx_v2()
387 crypto_free_sync_skcipher(ctx->acceptor_enc_aux); in gss_krb5_import_ctx_v2()
388 crypto_free_sync_skcipher(ctx->acceptor_enc); in gss_krb5_import_ctx_v2()
389 crypto_free_sync_skcipher(ctx->initiator_enc_aux); in gss_krb5_import_ctx_v2()
390 crypto_free_sync_skcipher(ctx->initiator_enc); in gss_krb5_import_ctx_v2()
395 gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx, in gss_import_v2_context() argument
403 p = simple_get_bytes(p, end, &ctx->flags, sizeof(ctx->flags)); in gss_import_v2_context()
404 if (IS_ERR(p)) in gss_import_v2_context()
406 ctx->initiate = ctx->flags & KRB5_CTX_FLAG_INITIATOR; in gss_import_v2_context()
408 p = simple_get_bytes(p, end, &time32, sizeof(time32)); in gss_import_v2_context()
409 if (IS_ERR(p)) in gss_import_v2_context()
411 /* unsigned 32-bit time overflows in year 2106 */ in gss_import_v2_context()
412 ctx->endtime = (time64_t)time32; in gss_import_v2_context()
413 p = simple_get_bytes(p, end, &seq_send64, sizeof(seq_send64)); in gss_import_v2_context()
414 if (IS_ERR(p)) in gss_import_v2_context()
416 atomic64_set(&ctx->seq_send64, seq_send64); in gss_import_v2_context()
418 atomic_set(&ctx->seq_send, seq_send64); in gss_import_v2_context()
419 if (seq_send64 != atomic_read(&ctx->seq_send)) { in gss_import_v2_context()
421 seq_send64, atomic_read(&ctx->seq_send)); in gss_import_v2_context()
422 p = ERR_PTR(-EINVAL); in gss_import_v2_context()
425 p = simple_get_bytes(p, end, &ctx->enctype, sizeof(ctx->enctype)); in gss_import_v2_context()
426 if (IS_ERR(p)) in gss_import_v2_context()
428 ctx->gk5e = gss_krb5_lookup_enctype(ctx->enctype); in gss_import_v2_context()
429 if (ctx->gk5e == NULL) { in gss_import_v2_context()
431 ctx->enctype); in gss_import_v2_context()
432 p = ERR_PTR(-EINVAL); in gss_import_v2_context()
435 keylen = ctx->gk5e->keylength; in gss_import_v2_context()
437 p = simple_get_bytes(p, end, ctx->Ksess, keylen); in gss_import_v2_context()
438 if (IS_ERR(p)) in gss_import_v2_context()
441 if (p != end) { in gss_import_v2_context()
442 p = ERR_PTR(-EINVAL); in gss_import_v2_context()
446 ctx->mech_used.data = kmemdup(gss_kerberos_mech.gm_oid.data, in gss_import_v2_context()
448 if (unlikely(ctx->mech_used.data == NULL)) { in gss_import_v2_context()
449 p = ERR_PTR(-ENOMEM); in gss_import_v2_context()
452 ctx->mech_used.len = gss_kerberos_mech.gm_oid.len; in gss_import_v2_context()
456 p = ERR_PTR(ret); in gss_import_v2_context()
463 kfree(ctx->mech_used.data); in gss_import_v2_context()
465 return PTR_ERR(p); in gss_import_v2_context()
469 gss_krb5_import_sec_context(const void *p, size_t len, struct gss_ctx *ctx_id, in gss_krb5_import_sec_context() argument
472 const void *end = (const void *)((const char *)p + len); in gss_krb5_import_sec_context()
478 return -ENOMEM; in gss_krb5_import_sec_context()
480 ret = gss_import_v2_context(p, end, ctx, gfp_mask); in gss_krb5_import_sec_context()
481 memzero_explicit(&ctx->Ksess, sizeof(ctx->Ksess)); in gss_krb5_import_sec_context()
487 ctx_id->internal_ctx_id = ctx; in gss_krb5_import_sec_context()
489 *endtime = ctx->endtime; in gss_krb5_import_sec_context()
498 crypto_free_sync_skcipher(kctx->seq); in gss_krb5_delete_sec_context()
499 crypto_free_sync_skcipher(kctx->enc); in gss_krb5_delete_sec_context()
500 crypto_free_sync_skcipher(kctx->acceptor_enc); in gss_krb5_delete_sec_context()
501 crypto_free_sync_skcipher(kctx->initiator_enc); in gss_krb5_delete_sec_context()
502 crypto_free_sync_skcipher(kctx->acceptor_enc_aux); in gss_krb5_delete_sec_context()
503 crypto_free_sync_skcipher(kctx->initiator_enc_aux); in gss_krb5_delete_sec_context()
504 crypto_free_ahash(kctx->acceptor_sign); in gss_krb5_delete_sec_context()
505 crypto_free_ahash(kctx->initiator_sign); in gss_krb5_delete_sec_context()
506 crypto_free_ahash(kctx->acceptor_integ); in gss_krb5_delete_sec_context()
507 crypto_free_ahash(kctx->initiator_integ); in gss_krb5_delete_sec_context()
508 kfree(kctx->mech_used.data); in gss_krb5_delete_sec_context()
513 * gss_krb5_get_mic - get_mic for the Kerberos GSS mechanism
519 * %GSS_S_COMPLETE - success, and @token is filled in
520 * %GSS_S_FAILURE - checksum could not be generated
521 * %GSS_S_CONTEXT_EXPIRED - Kerberos context is no longer valid
526 struct krb5_ctx *kctx = gctx->internal_ctx_id; in gss_krb5_get_mic()
528 return kctx->gk5e->get_mic(kctx, text, token); in gss_krb5_get_mic()
532 * gss_krb5_verify_mic - verify_mic for the Kerberos GSS mechanism
538 * %GSS_S_COMPLETE - computed and received checksums match
539 * %GSS_S_DEFECTIVE_TOKEN - received checksum is not valid
540 * %GSS_S_BAD_SIG - computed and received checksums do not match
541 * %GSS_S_FAILURE - received checksum could not be checked
542 * %GSS_S_CONTEXT_EXPIRED - Kerberos context is no longer valid
548 struct krb5_ctx *kctx = gctx->internal_ctx_id; in gss_krb5_verify_mic()
550 return kctx->gk5e->verify_mic(kctx, message_buffer, read_token); in gss_krb5_verify_mic()
554 * gss_krb5_wrap - gss_wrap for the Kerberos GSS mechanism
561 * %GSS_S_COMPLETE - success, @buf has been updated
562 * %GSS_S_FAILURE - @buf could not be wrapped
563 * %GSS_S_CONTEXT_EXPIRED - Kerberos context is no longer valid
568 struct krb5_ctx *kctx = gctx->internal_ctx_id; in gss_krb5_wrap()
570 return kctx->gk5e->wrap(kctx, offset, buf, pages); in gss_krb5_wrap()
574 * gss_krb5_unwrap - gss_unwrap for the Kerberos GSS mechanism
581 * %GSS_S_COMPLETE - success, @buf has been updated
582 * %GSS_S_DEFECTIVE_TOKEN - received blob is not valid
583 * %GSS_S_BAD_SIG - computed and received checksums do not match
584 * %GSS_S_FAILURE - @buf could not be unwrapped
585 * %GSS_S_CONTEXT_EXPIRED - Kerberos context is no longer valid
590 struct krb5_ctx *kctx = gctx->internal_ctx_id; in gss_krb5_unwrap()
592 return kctx->gk5e->unwrap(kctx, offset, len, buf, in gss_krb5_unwrap()
593 &gctx->slack, &gctx->align); in gss_krb5_unwrap()
628 MODULE_ALIAS("rpc-auth-gss-krb5");
629 MODULE_ALIAS("rpc-auth-gss-krb5i");
630 MODULE_ALIAS("rpc-auth-gss-krb5p");
631 MODULE_ALIAS("rpc-auth-gss-390003");
632 MODULE_ALIAS("rpc-auth-gss-390004");
633 MODULE_ALIAS("rpc-auth-gss-390005");
634 MODULE_ALIAS("rpc-auth-gss-1.2.840.113554.1.2.2");