diff options
author | Greg Hudson <ghudson@mit.edu> | 2015-12-05 19:36:57 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2016-10-03 15:38:13 -0400 |
commit | 135a9ac3c58b444998361a3b13f5decfdece2105 (patch) | |
tree | 2c4c3c38650ea3c3586aae3ef61879e0fece4374 /src/include/krb5/krb5.hin | |
parent | dc967ce5c4a03201b2a6ff477f6c4e33b07e90f0 (diff) | |
download | krb5-135a9ac3c58b444998361a3b13f5decfdece2105.zip krb5-135a9ac3c58b444998361a3b13f5decfdece2105.tar.gz krb5-135a9ac3c58b444998361a3b13f5decfdece2105.tar.bz2 |
Add aes-sha2 enctype support
Add support to libk5crypto for the aes128-cts-hmac-sha256-128 and
aes256-cts-hmac-sha384-192 encryption types, and the
hmac-sha256-128-aes128 and hmac-sha384-192-aes256 checksum types.
Key derivation for the new encryption types uses a hash, so we need to
add a hash parameter to the krb5int_derive_ functions, which can be
null except when DERIVE_SP800_108_HMAC is given. Rename the helper
function derive_random_sp800_108_cmac() to
derive_random_sp800_108_feedback_cmac() to make it clear that feedback
mode is used, since the new enctype uses counter mode.
ticket: 8490
Diffstat (limited to 'src/include/krb5/krb5.hin')
-rw-r--r-- | src/include/krb5/krb5.hin | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 44c8bfa..64b0d0f 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -423,14 +423,16 @@ typedef struct _krb5_crypto_iov { #define ENCTYPE_RSA_ES_OAEP_ENV 0x000e /**< RSA w/OEAP encryption, CMS enveloped data */ #define ENCTYPE_DES3_CBC_ENV 0x000f /**< DES-3 cbc mode, CMS enveloped data */ -#define ENCTYPE_DES3_CBC_SHA1 0x0010 -#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 /**< RFC 3962 */ -#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 /**< RFC 3962 */ -#define ENCTYPE_ARCFOUR_HMAC 0x0017 -#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 -#define ENCTYPE_CAMELLIA128_CTS_CMAC 0x0019 /**< RFC 6803 */ -#define ENCTYPE_CAMELLIA256_CTS_CMAC 0x001a /**< RFC 6803 */ -#define ENCTYPE_UNKNOWN 0x01ff +#define ENCTYPE_DES3_CBC_SHA1 0x0010 +#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 /**< RFC 3962 */ +#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 /**< RFC 3962 */ +#define ENCTYPE_AES128_CTS_HMAC_SHA256_128 0x0013 +#define ENCTYPE_AES256_CTS_HMAC_SHA384_192 0x0014 +#define ENCTYPE_ARCFOUR_HMAC 0x0017 +#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 +#define ENCTYPE_CAMELLIA128_CTS_CMAC 0x0019 /**< RFC 6803 */ +#define ENCTYPE_CAMELLIA256_CTS_CMAC 0x001a /**< RFC 6803 */ +#define ENCTYPE_UNKNOWN 0x01ff #define CKSUMTYPE_CRC32 0x0001 #define CKSUMTYPE_RSA_MD4 0x0002 @@ -446,6 +448,8 @@ typedef struct _krb5_crypto_iov { ENCTYPE_AES128_CTS_HMAC_SHA1_96 */ #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 /**< RFC 3962. Used with ENCTYPE_AES256_CTS_HMAC_SHA1_96 */ +#define CKSUMTYPE_HMAC_SHA256_128_AES128 0x0013 +#define CKSUMTYPE_HMAC_SHA384_192_AES256 0x0014 #define CKSUMTYPE_CMAC_CAMELLIA128 0x0011 /**< RFC 6803 */ #define CKSUMTYPE_CMAC_CAMELLIA256 0x0012 /**< RFC 6803 */ #define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/ |