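/* SPDX-License-Identifier: GPL-2.0 or BSD-3-Clause */
/*
 * SunRPC GSS Kerberos 5 mechanism internal definitions
 *
 * Copyright (c) 2022 Oracle and/or its affiliates.
 */

#ifndef _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H
#define _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H

/*
 * GSS Kerberos 5 mechanism Per-Message calls.
 *
 * Each operation is declared as a _v1/_v2 pair with the same signature.
 * NOTE(review): the u32 return is presumably a GSS major status; confirm
 * at the definitions. Callers of the verify_mic and unwrap calls should
 * treat the buffer as unauthenticated unless the call reports success.
 */

u32 gss_krb5_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
			struct xdr_netobj *token);
u32 gss_krb5_get_mic_v2(struct krb5_ctx *ctx, struct xdr_buf *text,
			struct xdr_netobj *token);

u32 gss_krb5_verify_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *message_buffer,
			   struct xdr_netobj *read_token);
u32 gss_krb5_verify_mic_v2(struct krb5_ctx *ctx, struct xdr_buf *message_buffer,
			   struct xdr_netobj *read_token);

u32 gss_krb5_wrap_v1(struct krb5_ctx *kctx, int offset,
		     struct xdr_buf *buf, struct page **pages);
u32 gss_krb5_wrap_v2(struct krb5_ctx *kctx, int offset,
		     struct xdr_buf *buf, struct page **pages);

/* NOTE(review): offset and len are signed int; confirm the definitions
 * reject negative or out-of-range values before indexing into @buf.
 */
u32 gss_krb5_unwrap_v1(struct krb5_ctx *kctx, int offset, int len,
		       struct xdr_buf *buf, unsigned int *slack,
		       unsigned int *align);
u32 gss_krb5_unwrap_v2(struct krb5_ctx *kctx, int offset, int len,
		       struct xdr_buf *buf, unsigned int *slack,
		       unsigned int *align);

/*
 * Implementation internal functions
 */

/* Key Derivation Functions */

int krb5_derive_key_v1(const struct gss_krb5_enctype *gk5e,
		       const struct xdr_netobj *inkey,
		       struct xdr_netobj *outkey,
		       const struct xdr_netobj *label,
		       gfp_t gfp_mask);

int krb5_derive_key_v2(const struct gss_krb5_enctype *gk5e,
		       const struct xdr_netobj *inkey,
		       struct xdr_netobj *outkey,
		       const struct xdr_netobj *label,
		       gfp_t gfp_mask);

/**
 * krb5_derive_key - Derive a subkey from a protocol key
 * @kctx: Kerberos 5 context
 * @inkey: base protocol key
 * @outkey: OUT: derived key
 * @usage: key usage value
 * @seed: key usage seed (one octet)
 * @gfp_mask: memory allocation control flags
 *
 * Caller sets @outkey->len to the desired length of the derived key.
 *
 * The derivation label handed to the enctype's ->derive_key method is
 * @usage encoded as four big-endian octets followed by @seed.
 *
 * @kctx->gk5e and its ->derive_key method are dereferenced without a
 * NULL check, so both must be set before this is called.
 *
 * On success, returns 0 and fills in @outkey. A negative errno value
 * is returned on failure.
 */
static inline int krb5_derive_key(struct krb5_ctx *kctx,
				  const struct xdr_netobj *inkey,
				  struct xdr_netobj *outkey,
				  u32 usage, u8 seed, gfp_t gfp_mask)
{
	const struct gss_krb5_enctype *gk5e = kctx->gk5e;
	u8 label_data[GSS_KRB5_K5CLENGTH];
	struct xdr_netobj label = {
		.len	= sizeof(label_data),
		.data	= label_data,
	};

	/*
	 * Encode @usage big-endian one octet at a time: label_data is a u8
	 * array with no guaranteed 4-byte alignment, so it is not written
	 * through a __be32 pointer.
	 */
	label_data[0] = (u8)(usage >> 24);
	label_data[1] = (u8)(usage >> 16);
	label_data[2] = (u8)(usage >> 8);
	label_data[3] = (u8)usage;
	/*
	 * NOTE(review): index 4 and the fully-initialized label both assume
	 * GSS_KRB5_K5CLENGTH is exactly 5; it is defined outside this header,
	 * so confirm there.
	 */
	label_data[4] = seed;
	return gk5e->derive_key(gk5e, inkey, outkey, &label, gfp_mask);
}

/*
 * NOTE(review): conflen, hdrlen, body_offset and length below are signed
 * int; confirm the definitions reject negative values before using them
 * as sizes.
 */
void krb5_make_confounder(u8 *p, int conflen);

u32 gss_krb5_checksum(struct crypto_ahash *tfm, char *header, int hdrlen,
		      const struct xdr_buf *body, int body_offset,
		      struct xdr_netobj *cksumout);

u32 krb5_encrypt(struct crypto_sync_skcipher *key, void *iv, void *in,
		 void *out, int length);

u32 krb5_decrypt(struct crypto_sync_skcipher *key, void *iv, void *in,
		 void *out, int length);

u32 gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
			 struct xdr_buf *buf, struct page **pages);

u32 gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
			 struct xdr_buf *buf, u32 *plainoffset, u32 *plainlen);

#endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */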