1*ae771770SStanislav Sedov.\" Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan 2bbd80c28SJacques Vidrine.\" (Royal Institute of Technology, Stockholm, Sweden). 3bbd80c28SJacques Vidrine.\" All rights reserved. 4bbd80c28SJacques Vidrine.\" 5bbd80c28SJacques Vidrine.\" Redistribution and use in source and binary forms, with or without 6bbd80c28SJacques Vidrine.\" modification, are permitted provided that the following conditions 7bbd80c28SJacques Vidrine.\" are met: 8bbd80c28SJacques Vidrine.\" 9bbd80c28SJacques Vidrine.\" 1. Redistributions of source code must retain the above copyright 10bbd80c28SJacques Vidrine.\" notice, this list of conditions and the following disclaimer. 11bbd80c28SJacques Vidrine.\" 12bbd80c28SJacques Vidrine.\" 2. Redistributions in binary form must reproduce the above copyright 13bbd80c28SJacques Vidrine.\" notice, this list of conditions and the following disclaimer in the 14bbd80c28SJacques Vidrine.\" documentation and/or other materials provided with the distribution. 15bbd80c28SJacques Vidrine.\" 16bbd80c28SJacques Vidrine.\" 3. Neither the name of the Institute nor the names of its contributors 17bbd80c28SJacques Vidrine.\" may be used to endorse or promote products derived from this software 18bbd80c28SJacques Vidrine.\" without specific prior written permission. 19bbd80c28SJacques Vidrine.\" 20bbd80c28SJacques Vidrine.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 21bbd80c28SJacques Vidrine.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22bbd80c28SJacques Vidrine.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23bbd80c28SJacques Vidrine.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 24bbd80c28SJacques Vidrine.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25bbd80c28SJacques Vidrine.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26bbd80c28SJacques Vidrine.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27bbd80c28SJacques Vidrine.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28bbd80c28SJacques Vidrine.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29bbd80c28SJacques Vidrine.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30bbd80c28SJacques Vidrine.\" SUCH DAMAGE. 31bbd80c28SJacques Vidrine.\" 32*ae771770SStanislav Sedov.\" $Id$ 33bbd80c28SJacques Vidrine.\" 34c19800e8SDoug Rabson.Dd March 20, 2004 35b528cefcSMark Murray.Dt KRB5_ENCRYPT 3 36b528cefcSMark Murray.Os HEIMDAL 37b528cefcSMark Murray.Sh NAME 38c19800e8SDoug Rabson.Nm krb5_crypto_getblocksize , 39c19800e8SDoug Rabson.Nm krb5_crypto_getconfoundersize 40c19800e8SDoug Rabson.Nm krb5_crypto_getenctype , 41c19800e8SDoug Rabson.Nm krb5_crypto_getpadsize , 42c19800e8SDoug Rabson.Nm krb5_crypto_overhead , 43b528cefcSMark Murray.Nm krb5_decrypt , 44b528cefcSMark Murray.Nm krb5_decrypt_EncryptedData , 45c19800e8SDoug Rabson.Nm krb5_decrypt_ivec , 46c19800e8SDoug Rabson.Nm krb5_decrypt_ticket , 47b528cefcSMark Murray.Nm krb5_encrypt , 48c19800e8SDoug Rabson.Nm krb5_encrypt_EncryptedData , 49c19800e8SDoug Rabson.Nm krb5_encrypt_ivec , 50c19800e8SDoug Rabson.Nm krb5_enctype_disable , 51c19800e8SDoug Rabson.Nm krb5_enctype_keysize , 52c19800e8SDoug Rabson.Nm krb5_enctype_to_string , 53c19800e8SDoug Rabson.Nm krb5_enctype_valid , 54c19800e8SDoug Rabson.Nm krb5_get_wrapped_length , 55c19800e8SDoug Rabson.Nm krb5_string_to_enctype 56c19800e8SDoug Rabson.Nd "encrypt and decrypt data, set and get encryption type parameters" 578373020dSJacques Vidrine.Sh LIBRARY 588373020dSJacques VidrineKerberos 5 Library (libkrb5, -lkrb5) 59b528cefcSMark Murray.Sh SYNOPSIS 60bbd80c28SJacques Vidrine.In krb5.h 61b528cefcSMark Murray.Ft krb5_error_code 62c19800e8SDoug Rabson.Fo krb5_encrypt 63c19800e8SDoug Rabson.Fa "krb5_context context" 64c19800e8SDoug Rabson.Fa "krb5_crypto crypto" 65c19800e8SDoug Rabson.Fa "unsigned usage" 66c19800e8SDoug Rabson.Fa "void *data" 67c19800e8SDoug Rabson.Fa "size_t len" 68c19800e8SDoug Rabson.Fa "krb5_data *result" 69c19800e8SDoug Rabson.Fc 70b528cefcSMark Murray.Ft krb5_error_code 71c19800e8SDoug Rabson.Fo krb5_encrypt_EncryptedData 72c19800e8SDoug Rabson.Fa "krb5_context context" 73c19800e8SDoug Rabson.Fa "krb5_crypto crypto" 74c19800e8SDoug Rabson.Fa "unsigned usage" 75c19800e8SDoug Rabson.Fa "void *data" 76c19800e8SDoug Rabson.Fa "size_t len" 77c19800e8SDoug Rabson.Fa "int kvno" 78c19800e8SDoug Rabson.Fa "EncryptedData *result" 79c19800e8SDoug Rabson.Fc 80b528cefcSMark Murray.Ft krb5_error_code 81c19800e8SDoug Rabson.Fo krb5_encrypt_ivec 82c19800e8SDoug Rabson.Fa "krb5_context context" 83c19800e8SDoug Rabson.Fa "krb5_crypto crypto" 84c19800e8SDoug Rabson.Fa "unsigned usage" 85c19800e8SDoug Rabson.Fa "void *data" 86c19800e8SDoug Rabson.Fa "size_t len" 87c19800e8SDoug Rabson.Fa "krb5_data *result" 88c19800e8SDoug Rabson.Fa "void *ivec" 89c19800e8SDoug Rabson.Fc 90b528cefcSMark Murray.Ft krb5_error_code 91c19800e8SDoug Rabson.Fo krb5_decrypt 92c19800e8SDoug Rabson.Fa "krb5_context context" 93c19800e8SDoug Rabson.Fa "krb5_crypto crypto" 94c19800e8SDoug Rabson.Fa "unsigned usage" 95c19800e8SDoug Rabson.Fa "void *data" 96c19800e8SDoug Rabson.Fa "size_t len" 97c19800e8SDoug Rabson.Fa "krb5_data *result" 98c19800e8SDoug Rabson.Fc 99c19800e8SDoug Rabson.Ft krb5_error_code 100c19800e8SDoug Rabson.Fo krb5_decrypt_EncryptedData 101c19800e8SDoug Rabson.Fa "krb5_context context" 102c19800e8SDoug Rabson.Fa "krb5_crypto crypto" 103c19800e8SDoug Rabson.Fa "unsigned usage" 104c19800e8SDoug Rabson.Fa "EncryptedData *e" 105c19800e8SDoug Rabson.Fa "krb5_data *result" 106c19800e8SDoug Rabson.Fc 107c19800e8SDoug Rabson.Ft krb5_error_code 108c19800e8SDoug Rabson.Fo krb5_decrypt_ivec 109c19800e8SDoug Rabson.Fa "krb5_context context" 110c19800e8SDoug Rabson.Fa "krb5_crypto crypto" 111c19800e8SDoug Rabson.Fa "unsigned usage" 112c19800e8SDoug Rabson.Fa "void *data" 113c19800e8SDoug Rabson.Fa "size_t len" 114c19800e8SDoug Rabson.Fa "krb5_data *result" 115c19800e8SDoug Rabson.Fa "void *ivec" 116c19800e8SDoug Rabson.Fc 117c19800e8SDoug Rabson.Ft krb5_error_code 118c19800e8SDoug Rabson.Fo krb5_decrypt_ticket 119c19800e8SDoug Rabson.Fa "krb5_context context" 120c19800e8SDoug Rabson.Fa "Ticket *ticket" 121c19800e8SDoug Rabson.Fa "krb5_keyblock *key" 122c19800e8SDoug Rabson.Fa "EncTicketPart *out" 123c19800e8SDoug Rabson.Fa "krb5_flags flags" 124c19800e8SDoug Rabson.Fc 125c19800e8SDoug Rabson.Ft krb5_error_code 126c19800e8SDoug Rabson.Fo krb5_crypto_getblocksize 127c19800e8SDoug Rabson.Fa "krb5_context context" 128c19800e8SDoug Rabson.Fa "size_t *blocksize" 129c19800e8SDoug Rabson.Fc 130c19800e8SDoug Rabson.Ft krb5_error_code 131c19800e8SDoug Rabson.Fo krb5_crypto_getenctype 132c19800e8SDoug Rabson.Fa "krb5_context context" 133c19800e8SDoug Rabson.Fa "krb5_crypto crypto" 134c19800e8SDoug Rabson.Fa "krb5_enctype *enctype" 135c19800e8SDoug Rabson.Fc 136c19800e8SDoug Rabson.Ft krb5_error_code 137c19800e8SDoug Rabson.Fo krb5_crypto_getpadsize 138c19800e8SDoug Rabson.Fa "krb5_context context" 139c19800e8SDoug Rabson.Fa size_t *padsize" 140c19800e8SDoug Rabson.Fc 141c19800e8SDoug Rabson.Ft krb5_error_code 142c19800e8SDoug Rabson.Fo krb5_crypto_getconfoundersize 143c19800e8SDoug Rabson.Fa "krb5_context context" 144*ae771770SStanislav Sedov.Fa "krb5_crypto crypto" 145c19800e8SDoug Rabson.Fa size_t *confoundersize" 146c19800e8SDoug Rabson.Fc 147c19800e8SDoug Rabson.Ft krb5_error_code 148c19800e8SDoug Rabson.Fo krb5_enctype_keysize 149c19800e8SDoug Rabson.Fa "krb5_context context" 150c19800e8SDoug Rabson.Fa "krb5_enctype type" 151c19800e8SDoug Rabson.Fa "size_t *keysize" 152c19800e8SDoug Rabson.Fc 153c19800e8SDoug Rabson.Ft krb5_error_code 154c19800e8SDoug Rabson.Fo krb5_crypto_overhead 155c19800e8SDoug Rabson.Fa "krb5_context context" 156c19800e8SDoug Rabson.Fa size_t *padsize" 157c19800e8SDoug Rabson.Fc 158c19800e8SDoug Rabson.Ft krb5_error_code 159c19800e8SDoug Rabson.Fo krb5_string_to_enctype 160c19800e8SDoug Rabson.Fa "krb5_context context" 161c19800e8SDoug Rabson.Fa "const char *string" 162c19800e8SDoug Rabson.Fa "krb5_enctype *etype" 163c19800e8SDoug Rabson.Fc 164c19800e8SDoug Rabson.Ft krb5_error_code 165c19800e8SDoug Rabson.Fo krb5_enctype_to_string 166c19800e8SDoug Rabson.Fa "krb5_context context" 167c19800e8SDoug Rabson.Fa "krb5_enctype etype" 168c19800e8SDoug Rabson.Fa "char **string" 169c19800e8SDoug Rabson.Fc 170c19800e8SDoug Rabson.Ft krb5_error_code 171c19800e8SDoug Rabson.Fo krb5_enctype_valid 172c19800e8SDoug Rabson.Fa "krb5_context context" 173c19800e8SDoug Rabson.Fa "krb5_enctype etype" 174c19800e8SDoug Rabson.Fc 175c19800e8SDoug Rabson.Ft void 176c19800e8SDoug Rabson.Fo krb5_enctype_disable 177c19800e8SDoug Rabson.Fa "krb5_context context" 178c19800e8SDoug Rabson.Fa "krb5_enctype etype" 179c19800e8SDoug Rabson.Fc 180c19800e8SDoug Rabson.Ft size_t 181c19800e8SDoug Rabson.Fo krb5_get_wrapped_length 182c19800e8SDoug Rabson.Fa "krb5_context context" 183c19800e8SDoug Rabson.Fa "krb5_crypto crypto" 184c19800e8SDoug Rabson.Fa "size_t data_len" 185c19800e8SDoug Rabson.Fc 186b528cefcSMark Murray.Sh DESCRIPTION 187b528cefcSMark MurrayThese functions are used to encrypt and decrypt data. 188b528cefcSMark Murray.Pp 189c19800e8SDoug Rabson.Fn krb5_encrypt_ivec 190b528cefcSMark Murrayputs the encrypted version of 191b528cefcSMark Murray.Fa data 192b528cefcSMark Murray(of size 193b528cefcSMark Murray.Fa len ) 194b528cefcSMark Murrayin 195b528cefcSMark Murray.Fa result . 196b528cefcSMark MurrayIf the encryption type supports using derived keys, 197b528cefcSMark Murray.Fa usage 198b528cefcSMark Murrayshould be the appropriate key-usage. 199c19800e8SDoug Rabson.Fa ivec 200c19800e8SDoug Rabsonis a pointer to a initial IV, it is modified to the end IV at the end of 201c19800e8SDoug Rabsonthe round. 202c19800e8SDoug RabsonIvec should be the size of 203c19800e8SDoug RabsonIf 204c19800e8SDoug Rabson.Dv NULL 205c19800e8SDoug Rabsonis passed in, the default IV is used. 206c19800e8SDoug Rabson.Fn krb5_encrypt 207c19800e8SDoug Rabsondoes the same as 208c19800e8SDoug Rabson.Fn krb5_encrypt_ivec 209c19800e8SDoug Rabsonbut with 210c19800e8SDoug Rabson.Fa ivec 211c19800e8SDoug Rabsonbeing 212c19800e8SDoug Rabson.Dv NULL . 213b528cefcSMark Murray.Fn krb5_encrypt_EncryptedData 214b528cefcSMark Murraydoes the same as 215b528cefcSMark Murray.Fn krb5_encrypt , 216b528cefcSMark Murraybut it puts the encrypted data in a 217b528cefcSMark Murray.Fa EncryptedData 218b528cefcSMark Murraystructure instead. If 219b528cefcSMark Murray.Fa kvno 220c19800e8SDoug Rabsonis not zero, it will be put in the (optional) 221c19800e8SDoug Rabson.Fa kvno 222c19800e8SDoug Rabsonfield in the 223b528cefcSMark Murray.Fa EncryptedData . 224b528cefcSMark Murray.Pp 225c19800e8SDoug Rabson.Fn krb5_decrypt_ivec , 226b528cefcSMark Murray.Fn krb5_decrypt , 227b528cefcSMark Murrayand 228b528cefcSMark Murray.Fn krb5_decrypt_EncryptedData 229b528cefcSMark Murrayworks similarly. 230c19800e8SDoug Rabson.Pp 231c19800e8SDoug Rabson.Fn krb5_decrypt_ticket 232c19800e8SDoug Rabsondecrypts the encrypted part of 233c19800e8SDoug Rabson.Fa ticket 234c19800e8SDoug Rabsonwith 235c19800e8SDoug Rabson.Fa key . 236c19800e8SDoug Rabson.Fn krb5_decrypt_ticket 237c19800e8SDoug Rabsonalso verifies the timestamp in the ticket, invalid flag and if the KDC 238c19800e8SDoug Rabsonhaven't verified the transited path, the transit path. 239c19800e8SDoug Rabson.Pp 240c19800e8SDoug Rabson.Fn krb5_enctype_keysize , 241c19800e8SDoug Rabson.Fn krb5_crypto_getconfoundersize , 242c19800e8SDoug Rabson.Fn krb5_crypto_getblocksize , 243c19800e8SDoug Rabson.Fn krb5_crypto_getenctype , 244c19800e8SDoug Rabson.Fn krb5_crypto_getpadsize , 245c19800e8SDoug Rabson.Fn krb5_crypto_overhead 246c19800e8SDoug Rabsonall returns various (sometimes) useful information from a crypto context. 247c19800e8SDoug Rabson.Fn krb5_crypto_overhead 248c19800e8SDoug Rabsonis the combination of krb5_crypto_getconfoundersize, 249c19800e8SDoug Rabsonkrb5_crypto_getblocksize and krb5_crypto_getpadsize and return the 250c19800e8SDoug Rabsonmaximum overhead size. 251c19800e8SDoug Rabson.Pp 252c19800e8SDoug Rabson.Fn krb5_enctype_to_string 253c19800e8SDoug Rabsonconverts a encryption type number to a string that can be printable 254c19800e8SDoug Rabsonand stored. The strings returned should be freed with 255c19800e8SDoug Rabson.Xr free 3 . 256c19800e8SDoug Rabson.Pp 257c19800e8SDoug Rabson.Fn krb5_string_to_enctype 258c19800e8SDoug Rabsonconverts a encryption type strings to a encryption type number that 259c19800e8SDoug Rabsoncan use used for other Kerberos crypto functions. 260c19800e8SDoug Rabson.Pp 261c19800e8SDoug Rabson.Fn krb5_enctype_valid 262c19800e8SDoug Rabsonreturns 0 if the encrypt is supported and not disabled, otherwise and 263c19800e8SDoug Rabsonerror code is returned. 264c19800e8SDoug Rabson.Pp 265c19800e8SDoug Rabson.Fn krb5_enctype_disable 266c19800e8SDoug Rabson(globally, for all contextes) disables the 267c19800e8SDoug Rabson.Fa enctype . 268c19800e8SDoug Rabson.Pp 269c19800e8SDoug Rabson.Fn krb5_get_wrapped_length 270c19800e8SDoug Rabsonreturns the size of an encrypted packet by 271c19800e8SDoug Rabson.Fa crypto 272c19800e8SDoug Rabsonof length 273c19800e8SDoug Rabson.Fa data_len . 274b528cefcSMark Murray.\" .Sh EXAMPLE 275b528cefcSMark Murray.\" .Sh BUGS 276b528cefcSMark Murray.Sh SEE ALSO 2774137ff4cSJacques Vidrine.Xr krb5_create_checksum 3 , 2784137ff4cSJacques Vidrine.Xr krb5_crypto_init 3 279