1 .TH "Heimdal Kerberos 5 cryptography functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
5 Heimdal Kerberos 5 cryptography functions \-
10 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_valid\fP (krb5_context context, krb5_enctype etype)"
13 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cksumtype_to_enctype\fP (krb5_context context, krb5_cksumtype ctype, krb5_enctype *etype)"
16 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_encrypt_iov_ivec\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, int num_data, void *ivec)"
19 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_decrypt_iov_ivec\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, void *ivec)"
22 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_create_checksum_iov\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, krb5_cksumtype *type)"
25 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_verify_checksum_iov\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, krb5_cksumtype *type)"
28 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_init\fP (krb5_context context, const krb5_keyblock *key, krb5_enctype etype, krb5_crypto *crypto)"
31 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_destroy\fP (krb5_context context, krb5_crypto crypto)"
34 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getblocksize\fP (krb5_context context, krb5_crypto crypto, size_t *blocksize)"
37 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getenctype\fP (krb5_context context, krb5_crypto crypto, krb5_enctype *enctype)"
40 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getpadsize\fP (krb5_context context, krb5_crypto crypto, size_t *padsize)"
43 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getconfoundersize\fP (krb5_context context, krb5_crypto crypto, size_t *confoundersize)"
46 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_disable\fP (krb5_context context, krb5_enctype enctype)"
49 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_enable\fP (krb5_context context, krb5_enctype enctype)"
52 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_allow_weak_crypto\fP (krb5_context context, krb5_boolean enable)"
55 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_random_to_key\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)"
58 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_fx_cf2\fP (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data *pepper1, krb5_data *pepper2, krb5_enctype enctype, krb5_keyblock *res)"
61 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_generate_subkey_extended\fP (krb5_context context, const krb5_keyblock *key, krb5_enctype etype, krb5_keyblock **subkey)"
64 .RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_keyblock_zero\fP (krb5_keyblock *keyblock)"
67 .RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_keyblock_contents\fP (krb5_context context, krb5_keyblock *keyblock)"
70 .RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_keyblock\fP (krb5_context context, krb5_keyblock *keyblock)"
73 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_keyblock_contents\fP (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock *to)"
76 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_keyblock\fP (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock **to)"
79 .RI "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL \fBkrb5_keyblock_get_enctype\fP (const krb5_keyblock *block)"
82 .RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keyblock_init\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)"
85 .SH "Detailed Description"
88 .SH "Function Documentation"
90 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_allow_weak_crypto (krb5_context context, krb5_boolean enable)"
92 Enable or disable all weak encryption types
96 \fIcontext\fP Kerberos 5 context
98 \fIenable\fP true to enable, false to disable
103 Return an error code or 0.
107 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_to_enctype (krb5_context context, krb5_cksumtype ctype, krb5_enctype * etype)"
109 Return the corresponding encryption type for a checksum type.
113 \fIcontext\fP Kerberos context
115 \fIctype\fP The checksum type to get the result enctype for
117 \fIetype\fP The returned encryption type; when no matching etype is found, etype is set to ETYPE_NULL.
122 Return an error code for a failure or 0 on success.
126 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock ** to)"
128 Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock()\fP.
132 \fIcontext\fP a Kerberos 5 context
134 \fIinblock\fP the key to copy
136 \fIto\fP the output key.
141 0 on success or a Kerberos 5 error code
145 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock * to)"
147 Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock_contents()\fP.
151 \fIcontext\fP a Kerberos 5 context
153 \fIinblock\fP the key to copy
155 \fIto\fP the output key.
160 0 on success or a Kerberos 5 error code
164 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)"
166 Create a Kerberos message checksum.
170 \fIcontext\fP Kerberos context
172 \fIcrypto\fP Kerberos crypto context
174 \fIusage\fP Key usage for this buffer
176 \fIdata\fP array of buffers to process
178 \fInum_data\fP length of array
180 \fItype\fP output data
185 Return an error code or 0.
189 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy (krb5_context context, krb5_crypto crypto)"
191 Free a crypto context created by \fBkrb5_crypto_init()\fP.
195 \fIcontext\fP Kerberos context
197 \fIcrypto\fP crypto context to free
202 Return an error code or 0.
206 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_fx_cf2 (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data * pepper1, krb5_data * pepper2, krb5_enctype enctype, krb5_keyblock * res)"
208 The FX-CF2 key derivation function, used in FAST and preauth framework.
212 \fIcontext\fP Kerberos 5 context
214 \fIcrypto1\fP first key to combine
216 \fIcrypto2\fP second key to combine
218 \fIpepper1\fP factor to combine with first key to guarantee uniqueness
220 \fIpepper2\fP factor to combine with second key to guarantee uniqueness
222 \fIenctype\fP the encryption type of the resulting key
224 \fIres\fP allocated key, free with \fBkrb5_free_keyblock_contents()\fP
229 Return an error code or 0.
233 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize (krb5_context context, krb5_crypto crypto, size_t * blocksize)"
235 Return the block size used by the algorithm referenced by the crypto context
239 \fIcontext\fP Kerberos context
241 \fIcrypto\fP crypto context to query
243 \fIblocksize\fP the resulting blocksize
248 Return an error code or 0.
252 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize (krb5_context context, krb5_crypto crypto, size_t * confoundersize)"
254 Return the confounder size used by the crypto context
258 \fIcontext\fP Kerberos context
260 \fIcrypto\fP crypto context to query
262 \fIconfoundersize\fP the returned confounder size
267 Return an error code or 0.
271 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype (krb5_context context, krb5_crypto crypto, krb5_enctype * enctype)"
273 Return the encryption type used by the crypto context
277 \fIcontext\fP Kerberos context
279 \fIcrypto\fP crypto context to query
281 \fIenctype\fP the resulting encryption type
286 Return an error code or 0.
290 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize (krb5_context context, krb5_crypto crypto, size_t * padsize)"
292 Return the padding size used by the crypto context
296 \fIcontext\fP Kerberos context
298 \fIcrypto\fP crypto context to query
300 \fIpadsize\fP the returned padding size
305 Return an error code or 0.
309 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_crypto * crypto)"
311 Create a crypto context used for all encryption and signature operations. The encryption type to use is taken from the key, but can be overridden with the etype parameter. This can be useful for encryption types which are compatible (DES for example).
313 To free the crypto context, use \fBkrb5_crypto_destroy()\fP.
317 \fIcontext\fP Kerberos context
319 \fIkey\fP the key block information with all key data
321 \fIetype\fP the encryption type
323 \fIcrypto\fP the resulting crypto context
328 Return an error code or 0.
332 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, void * ivec)"
334 Inline decrypt a Kerberos message.
338 \fIcontext\fP Kerberos context
340 \fIcrypto\fP Kerberos crypto context
342 \fIusage\fP Key usage for this buffer
344 \fIdata\fP array of buffers to process
346 \fInum_data\fP length of array
348 \fIivec\fP initial cbc/cts vector
353 Return an error code or 0.
356 1. KRB5_CRYPTO_TYPE_HEADER 2. one KRB5_CRYPTO_TYPE_DATA and array [0,...] of KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver has to be aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used for unencrypted protocol headers and trailers. The output data will be of same size as the input data or shorter.
357 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, int num_data, void * ivec)"
359 Inline encrypt a Kerberos message.
363 \fIcontext\fP Kerberos context
365 \fIcrypto\fP Kerberos crypto context
367 \fIusage\fP Key usage for this buffer
369 \fIdata\fP array of buffers to process
371 \fInum_data\fP length of array
373 \fIivec\fP initial cbc/cts vector
378 Return an error code or 0.
381 Kerberos encrypted data look like this:
383 1. KRB5_CRYPTO_TYPE_HEADER 2. array [1,...] KRB5_CRYPTO_TYPE_DATA and array [0,...] KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver has to be aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used for headers and trailers. 3. KRB5_CRYPTO_TYPE_PADDING, at least on padsize long if padsize > 1 4. KRB5_CRYPTO_TYPE_TRAILER
384 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable (krb5_context context, krb5_enctype enctype)"
386 Disable encryption type
390 \fIcontext\fP Kerberos 5 context
392 \fIenctype\fP encryption type to disable
397 Return an error code or 0.
401 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_enable (krb5_context context, krb5_enctype enctype)"
403 Enable encryption type
407 \fIcontext\fP Kerberos 5 context
409 \fIenctype\fP encryption type to enable
414 Return an error code or 0.
418 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid (krb5_context context, krb5_enctype etype)"
420 Check if an enctype is valid, return 0 if it is.
424 \fIcontext\fP Kerberos context
426 \fIetype\fP enctype to check for validity
431 Return an error code for a failure or 0 on success (enctype valid).
435 .SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock (krb5_context context, krb5_keyblock * keyblock)"
437 Free a keyblock, also zero out the content of the keyblock, uses \fBkrb5_free_keyblock_contents()\fP to free the content.
441 \fIcontext\fP a Kerberos 5 context
443 \fIkeyblock\fP keyblock to free, NULL is valid argument
447 .SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents (krb5_context context, krb5_keyblock * keyblock)"
449 Free a keyblock's content, also zero out the content of the keyblock.
453 \fIcontext\fP a Kerberos 5 context
455 \fIkeyblock\fP keyblock content to free, NULL is valid argument
459 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_keyblock ** subkey)"
461 Generate subkey, from keyblock
465 \fIcontext\fP kerberos context
467 \fIkey\fP session key
469 \fIetype\fP encryption type of subkey, if ETYPE_NULL, use key's enctype
471 \fIsubkey\fP the returned new subkey, free with \fBkrb5_free_keyblock()\fP.
476 0 on success or a Kerberos 5 error code
480 .SS "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype (const krb5_keyblock * block)"
482 Get encryption type of a keyblock.
483 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)"
485 Fill in `key' with key data of enctype `type' from `data' of length `size'. Key should be freed using \fBkrb5_free_keyblock_contents()\fP.
489 0 on success or a Kerberos 5 error code
493 .SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero (krb5_keyblock * keyblock)"
499 \fIkeyblock\fP keyblock to zero out
503 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)"
505 Converts the random bytestring to a protocol key according to the Kerberos crypto framework. It may be assumed that all the bits of the input string are equally random, even though the entropy present in the random source may be limited.
509 \fIcontext\fP Kerberos 5 context
511 \fItype\fP the enctype the resulting key will be of
513 \fIdata\fP input random data to convert to a key
515 \fIsize\fP size of input random data, at least krb5_enctype_keysize() long
517 \fIkey\fP output key, free with \fBkrb5_free_keyblock_contents()\fP
522 Return an error code or 0.
526 .SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)"
528 Verify a Kerberos message checksum.
532 \fIcontext\fP Kerberos context
534 \fIcrypto\fP Kerberos crypto context
536 \fIusage\fP Key usage for this buffer
538 \fIdata\fP array of buffers to process
540 \fInum_data\fP length of array
542 \fItype\fP return checksum type if not NULL
547 Return an error code or 0.