1*0a6a1f1dSLionel Sambuc.\" $NetBSD: krb5_encrypt.3,v 1.1.1.3 2014/04/24 12:45:50 pettai Exp $ 2ebfedea0SLionel Sambuc.\" 3ebfedea0SLionel Sambuc.\" Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan 4ebfedea0SLionel Sambuc.\" (Royal Institute of Technology, Stockholm, Sweden). 5ebfedea0SLionel Sambuc.\" All rights reserved. 6ebfedea0SLionel Sambuc.\" 7ebfedea0SLionel Sambuc.\" Redistribution and use in source and binary forms, with or without 8ebfedea0SLionel Sambuc.\" modification, are permitted provided that the following conditions 9ebfedea0SLionel Sambuc.\" are met: 10ebfedea0SLionel Sambuc.\" 11ebfedea0SLionel Sambuc.\" 1. Redistributions of source code must retain the above copyright 12ebfedea0SLionel Sambuc.\" notice, this list of conditions and the following disclaimer. 13ebfedea0SLionel Sambuc.\" 14ebfedea0SLionel Sambuc.\" 2. Redistributions in binary form must reproduce the above copyright 15ebfedea0SLionel Sambuc.\" notice, this list of conditions and the following disclaimer in the 16ebfedea0SLionel Sambuc.\" documentation and/or other materials provided with the distribution. 17ebfedea0SLionel Sambuc.\" 18ebfedea0SLionel Sambuc.\" 3. Neither the name of the Institute nor the names of its contributors 19ebfedea0SLionel Sambuc.\" may be used to endorse or promote products derived from this software 20ebfedea0SLionel Sambuc.\" without specific prior written permission. 21ebfedea0SLionel Sambuc.\" 22ebfedea0SLionel Sambuc.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 23ebfedea0SLionel Sambuc.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24ebfedea0SLionel Sambuc.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25ebfedea0SLionel Sambuc.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 26ebfedea0SLionel Sambuc.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27ebfedea0SLionel Sambuc.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28ebfedea0SLionel Sambuc.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29ebfedea0SLionel Sambuc.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30ebfedea0SLionel Sambuc.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31ebfedea0SLionel Sambuc.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32ebfedea0SLionel Sambuc.\" SUCH DAMAGE. 33ebfedea0SLionel Sambuc.\" 34ebfedea0SLionel Sambuc.\" Id 35ebfedea0SLionel Sambuc.\" 36ebfedea0SLionel Sambuc.Dd March 20, 2004 37ebfedea0SLionel Sambuc.Dt KRB5_ENCRYPT 3 38ebfedea0SLionel Sambuc.Os 39ebfedea0SLionel Sambuc.Sh NAME 40ebfedea0SLionel Sambuc.Nm krb5_crypto_getblocksize , 41ebfedea0SLionel Sambuc.Nm krb5_crypto_getconfoundersize 42ebfedea0SLionel Sambuc.Nm krb5_crypto_getenctype , 43ebfedea0SLionel Sambuc.Nm krb5_crypto_getpadsize , 44ebfedea0SLionel Sambuc.Nm krb5_crypto_overhead , 45ebfedea0SLionel Sambuc.Nm krb5_decrypt , 46ebfedea0SLionel Sambuc.Nm krb5_decrypt_EncryptedData , 47ebfedea0SLionel Sambuc.Nm krb5_decrypt_ivec , 48ebfedea0SLionel Sambuc.Nm krb5_decrypt_ticket , 49ebfedea0SLionel Sambuc.Nm krb5_encrypt , 50ebfedea0SLionel Sambuc.Nm krb5_encrypt_EncryptedData , 51ebfedea0SLionel Sambuc.Nm krb5_encrypt_ivec , 52ebfedea0SLionel Sambuc.Nm krb5_enctype_disable , 53ebfedea0SLionel Sambuc.Nm krb5_enctype_keysize , 54ebfedea0SLionel Sambuc.Nm krb5_enctype_to_string , 55ebfedea0SLionel Sambuc.Nm krb5_enctype_valid , 56ebfedea0SLionel Sambuc.Nm krb5_get_wrapped_length , 57ebfedea0SLionel Sambuc.Nm krb5_string_to_enctype 58ebfedea0SLionel Sambuc.Nd "encrypt and decrypt data, set and get encryption type parameters" 59ebfedea0SLionel Sambuc.Sh LIBRARY 60ebfedea0SLionel SambucKerberos 5 Library (libkrb5, -lkrb5) 61ebfedea0SLionel Sambuc.Sh SYNOPSIS 62ebfedea0SLionel Sambuc.In krb5/krb5.h 63ebfedea0SLionel Sambuc.Ft krb5_error_code 64ebfedea0SLionel Sambuc.Fo krb5_encrypt 65ebfedea0SLionel Sambuc.Fa "krb5_context context" 66ebfedea0SLionel Sambuc.Fa "krb5_crypto crypto" 67ebfedea0SLionel Sambuc.Fa "unsigned usage" 68ebfedea0SLionel Sambuc.Fa "void *data" 69ebfedea0SLionel Sambuc.Fa "size_t len" 70ebfedea0SLionel Sambuc.Fa "krb5_data *result" 71ebfedea0SLionel Sambuc.Fc 72ebfedea0SLionel Sambuc.Ft krb5_error_code 73ebfedea0SLionel Sambuc.Fo krb5_encrypt_EncryptedData 74ebfedea0SLionel Sambuc.Fa "krb5_context context" 75ebfedea0SLionel Sambuc.Fa "krb5_crypto crypto" 76ebfedea0SLionel Sambuc.Fa "unsigned usage" 77ebfedea0SLionel Sambuc.Fa "void *data" 78ebfedea0SLionel Sambuc.Fa "size_t len" 79ebfedea0SLionel Sambuc.Fa "int kvno" 80ebfedea0SLionel Sambuc.Fa "EncryptedData *result" 81ebfedea0SLionel Sambuc.Fc 82ebfedea0SLionel Sambuc.Ft krb5_error_code 83ebfedea0SLionel Sambuc.Fo krb5_encrypt_ivec 84ebfedea0SLionel Sambuc.Fa "krb5_context context" 85ebfedea0SLionel Sambuc.Fa "krb5_crypto crypto" 86ebfedea0SLionel Sambuc.Fa "unsigned usage" 87ebfedea0SLionel Sambuc.Fa "void *data" 88ebfedea0SLionel Sambuc.Fa "size_t len" 89ebfedea0SLionel Sambuc.Fa "krb5_data *result" 90ebfedea0SLionel Sambuc.Fa "void *ivec" 91ebfedea0SLionel Sambuc.Fc 92ebfedea0SLionel Sambuc.Ft krb5_error_code 93ebfedea0SLionel Sambuc.Fo krb5_decrypt 94ebfedea0SLionel Sambuc.Fa "krb5_context context" 95ebfedea0SLionel Sambuc.Fa "krb5_crypto crypto" 96ebfedea0SLionel Sambuc.Fa "unsigned usage" 97ebfedea0SLionel Sambuc.Fa "void *data" 98ebfedea0SLionel Sambuc.Fa "size_t len" 99ebfedea0SLionel Sambuc.Fa "krb5_data *result" 100ebfedea0SLionel Sambuc.Fc 101ebfedea0SLionel Sambuc.Ft krb5_error_code 102ebfedea0SLionel Sambuc.Fo krb5_decrypt_EncryptedData 103ebfedea0SLionel Sambuc.Fa "krb5_context context" 104ebfedea0SLionel Sambuc.Fa "krb5_crypto crypto" 105ebfedea0SLionel Sambuc.Fa "unsigned usage" 106ebfedea0SLionel Sambuc.Fa "EncryptedData *e" 107ebfedea0SLionel Sambuc.Fa "krb5_data *result" 108ebfedea0SLionel Sambuc.Fc 109ebfedea0SLionel Sambuc.Ft krb5_error_code 110ebfedea0SLionel Sambuc.Fo krb5_decrypt_ivec 111ebfedea0SLionel Sambuc.Fa "krb5_context context" 112ebfedea0SLionel Sambuc.Fa "krb5_crypto crypto" 113ebfedea0SLionel Sambuc.Fa "unsigned usage" 114ebfedea0SLionel Sambuc.Fa "void *data" 115ebfedea0SLionel Sambuc.Fa "size_t len" 116ebfedea0SLionel Sambuc.Fa "krb5_data *result" 117ebfedea0SLionel Sambuc.Fa "void *ivec" 118ebfedea0SLionel Sambuc.Fc 119ebfedea0SLionel Sambuc.Ft krb5_error_code 120ebfedea0SLionel Sambuc.Fo krb5_decrypt_ticket 121ebfedea0SLionel Sambuc.Fa "krb5_context context" 122ebfedea0SLionel Sambuc.Fa "Ticket *ticket" 123ebfedea0SLionel Sambuc.Fa "krb5_keyblock *key" 124ebfedea0SLionel Sambuc.Fa "EncTicketPart *out" 125ebfedea0SLionel Sambuc.Fa "krb5_flags flags" 126ebfedea0SLionel Sambuc.Fc 127ebfedea0SLionel Sambuc.Ft krb5_error_code 128ebfedea0SLionel Sambuc.Fo krb5_crypto_getblocksize 129ebfedea0SLionel Sambuc.Fa "krb5_context context" 130ebfedea0SLionel Sambuc.Fa "size_t *blocksize" 131ebfedea0SLionel Sambuc.Fc 132ebfedea0SLionel Sambuc.Ft krb5_error_code 133ebfedea0SLionel Sambuc.Fo krb5_crypto_getenctype 134ebfedea0SLionel Sambuc.Fa "krb5_context context" 135ebfedea0SLionel Sambuc.Fa "krb5_crypto crypto" 136ebfedea0SLionel Sambuc.Fa "krb5_enctype *enctype" 137ebfedea0SLionel Sambuc.Fc 138ebfedea0SLionel Sambuc.Ft krb5_error_code 139ebfedea0SLionel Sambuc.Fo krb5_crypto_getpadsize 140ebfedea0SLionel Sambuc.Fa "krb5_context context" 141ebfedea0SLionel Sambuc.Fa size_t *padsize" 142ebfedea0SLionel Sambuc.Fc 143ebfedea0SLionel Sambuc.Ft krb5_error_code 144ebfedea0SLionel Sambuc.Fo krb5_crypto_getconfoundersize 145ebfedea0SLionel Sambuc.Fa "krb5_context context" 146ebfedea0SLionel Sambuc.Fa "krb5_crypto crypto" 147ebfedea0SLionel Sambuc.Fa size_t *confoundersize" 148ebfedea0SLionel Sambuc.Fc 149ebfedea0SLionel Sambuc.Ft krb5_error_code 150ebfedea0SLionel Sambuc.Fo krb5_enctype_keysize 151ebfedea0SLionel Sambuc.Fa "krb5_context context" 152ebfedea0SLionel Sambuc.Fa "krb5_enctype type" 153ebfedea0SLionel Sambuc.Fa "size_t *keysize" 154ebfedea0SLionel Sambuc.Fc 155ebfedea0SLionel Sambuc.Ft krb5_error_code 156ebfedea0SLionel Sambuc.Fo krb5_crypto_overhead 157ebfedea0SLionel Sambuc.Fa "krb5_context context" 158ebfedea0SLionel Sambuc.Fa size_t *padsize" 159ebfedea0SLionel Sambuc.Fc 160ebfedea0SLionel Sambuc.Ft krb5_error_code 161ebfedea0SLionel Sambuc.Fo krb5_string_to_enctype 162ebfedea0SLionel Sambuc.Fa "krb5_context context" 163ebfedea0SLionel Sambuc.Fa "const char *string" 164ebfedea0SLionel Sambuc.Fa "krb5_enctype *etype" 165ebfedea0SLionel Sambuc.Fc 166ebfedea0SLionel Sambuc.Ft krb5_error_code 167ebfedea0SLionel Sambuc.Fo krb5_enctype_to_string 168ebfedea0SLionel Sambuc.Fa "krb5_context context" 169ebfedea0SLionel Sambuc.Fa "krb5_enctype etype" 170ebfedea0SLionel Sambuc.Fa "char **string" 171ebfedea0SLionel Sambuc.Fc 172ebfedea0SLionel Sambuc.Ft krb5_error_code 173ebfedea0SLionel Sambuc.Fo krb5_enctype_valid 174ebfedea0SLionel Sambuc.Fa "krb5_context context" 175ebfedea0SLionel Sambuc.Fa "krb5_enctype etype" 176ebfedea0SLionel Sambuc.Fc 177ebfedea0SLionel Sambuc.Ft void 178ebfedea0SLionel Sambuc.Fo krb5_enctype_disable 179ebfedea0SLionel Sambuc.Fa "krb5_context context" 180ebfedea0SLionel Sambuc.Fa "krb5_enctype etype" 181ebfedea0SLionel Sambuc.Fc 182ebfedea0SLionel Sambuc.Ft size_t 183ebfedea0SLionel Sambuc.Fo krb5_get_wrapped_length 184ebfedea0SLionel Sambuc.Fa "krb5_context context" 185ebfedea0SLionel Sambuc.Fa "krb5_crypto crypto" 186ebfedea0SLionel Sambuc.Fa "size_t data_len" 187ebfedea0SLionel Sambuc.Fc 188ebfedea0SLionel Sambuc.Sh DESCRIPTION 189ebfedea0SLionel SambucThese functions are used to encrypt and decrypt data. 190ebfedea0SLionel Sambuc.Pp 191ebfedea0SLionel Sambuc.Fn krb5_encrypt_ivec 192ebfedea0SLionel Sambucputs the encrypted version of 193ebfedea0SLionel Sambuc.Fa data 194ebfedea0SLionel Sambuc(of size 195ebfedea0SLionel Sambuc.Fa len ) 196ebfedea0SLionel Sambucin 197ebfedea0SLionel Sambuc.Fa result . 198ebfedea0SLionel SambucIf the encryption type supports using derived keys, 199ebfedea0SLionel Sambuc.Fa usage 200ebfedea0SLionel Sambucshould be the appropriate key-usage. 201ebfedea0SLionel Sambuc.Fa ivec 202ebfedea0SLionel Sambucis a pointer to a initial IV, it is modified to the end IV at the end of 203ebfedea0SLionel Sambucthe round. 204ebfedea0SLionel SambucIvec should be the size of 205ebfedea0SLionel SambucIf 206ebfedea0SLionel Sambuc.Dv NULL 207ebfedea0SLionel Sambucis passed in, the default IV is used. 208ebfedea0SLionel Sambuc.Fn krb5_encrypt 209ebfedea0SLionel Sambucdoes the same as 210ebfedea0SLionel Sambuc.Fn krb5_encrypt_ivec 211ebfedea0SLionel Sambucbut with 212ebfedea0SLionel Sambuc.Fa ivec 213ebfedea0SLionel Sambucbeing 214ebfedea0SLionel Sambuc.Dv NULL . 215ebfedea0SLionel Sambuc.Fn krb5_encrypt_EncryptedData 216ebfedea0SLionel Sambucdoes the same as 217ebfedea0SLionel Sambuc.Fn krb5_encrypt , 218ebfedea0SLionel Sambucbut it puts the encrypted data in a 219ebfedea0SLionel Sambuc.Fa EncryptedData 220ebfedea0SLionel Sambucstructure instead. If 221ebfedea0SLionel Sambuc.Fa kvno 222ebfedea0SLionel Sambucis not zero, it will be put in the (optional) 223ebfedea0SLionel Sambuc.Fa kvno 224ebfedea0SLionel Sambucfield in the 225ebfedea0SLionel Sambuc.Fa EncryptedData . 226ebfedea0SLionel Sambuc.Pp 227ebfedea0SLionel Sambuc.Fn krb5_decrypt_ivec , 228ebfedea0SLionel Sambuc.Fn krb5_decrypt , 229ebfedea0SLionel Sambucand 230ebfedea0SLionel Sambuc.Fn krb5_decrypt_EncryptedData 231ebfedea0SLionel Sambucworks similarly. 232ebfedea0SLionel Sambuc.Pp 233ebfedea0SLionel Sambuc.Fn krb5_decrypt_ticket 234ebfedea0SLionel Sambucdecrypts the encrypted part of 235ebfedea0SLionel Sambuc.Fa ticket 236ebfedea0SLionel Sambucwith 237ebfedea0SLionel Sambuc.Fa key . 238ebfedea0SLionel Sambuc.Fn krb5_decrypt_ticket 239ebfedea0SLionel Sambucalso verifies the timestamp in the ticket, invalid flag and if the KDC 240ebfedea0SLionel Sambuchaven't verified the transited path, the transit path. 241ebfedea0SLionel Sambuc.Pp 242ebfedea0SLionel Sambuc.Fn krb5_enctype_keysize , 243ebfedea0SLionel Sambuc.Fn krb5_crypto_getconfoundersize , 244ebfedea0SLionel Sambuc.Fn krb5_crypto_getblocksize , 245ebfedea0SLionel Sambuc.Fn krb5_crypto_getenctype , 246ebfedea0SLionel Sambuc.Fn krb5_crypto_getpadsize , 247ebfedea0SLionel Sambuc.Fn krb5_crypto_overhead 248ebfedea0SLionel Sambucall returns various (sometimes) useful information from a crypto context. 249ebfedea0SLionel Sambuc.Fn krb5_crypto_overhead 250ebfedea0SLionel Sambucis the combination of krb5_crypto_getconfoundersize, 251ebfedea0SLionel Sambuckrb5_crypto_getblocksize and krb5_crypto_getpadsize and return the 252ebfedea0SLionel Sambucmaximum overhead size. 253ebfedea0SLionel Sambuc.Pp 254ebfedea0SLionel Sambuc.Fn krb5_enctype_to_string 255ebfedea0SLionel Sambucconverts a encryption type number to a string that can be printable 256ebfedea0SLionel Sambucand stored. The strings returned should be freed with 257ebfedea0SLionel Sambuc.Xr free 3 . 258ebfedea0SLionel Sambuc.Pp 259ebfedea0SLionel Sambuc.Fn krb5_string_to_enctype 260ebfedea0SLionel Sambucconverts a encryption type strings to a encryption type number that 261ebfedea0SLionel Sambuccan use used for other Kerberos crypto functions. 262ebfedea0SLionel Sambuc.Pp 263ebfedea0SLionel Sambuc.Fn krb5_enctype_valid 264ebfedea0SLionel Sambucreturns 0 if the encrypt is supported and not disabled, otherwise and 265ebfedea0SLionel Sambucerror code is returned. 266ebfedea0SLionel Sambuc.Pp 267ebfedea0SLionel Sambuc.Fn krb5_enctype_disable 268ebfedea0SLionel Sambuc(globally, for all contextes) disables the 269ebfedea0SLionel Sambuc.Fa enctype . 270ebfedea0SLionel Sambuc.Pp 271ebfedea0SLionel Sambuc.Fn krb5_get_wrapped_length 272ebfedea0SLionel Sambucreturns the size of an encrypted packet by 273ebfedea0SLionel Sambuc.Fa crypto 274ebfedea0SLionel Sambucof length 275ebfedea0SLionel Sambuc.Fa data_len . 276ebfedea0SLionel Sambuc.\" .Sh EXAMPLE 277ebfedea0SLionel Sambuc.\" .Sh BUGS 278ebfedea0SLionel Sambuc.Sh SEE ALSO 279ebfedea0SLionel Sambuc.Xr krb5_create_checksum 3 , 280ebfedea0SLionel Sambuc.Xr krb5_crypto_init 3 281