1 // SPDX-License-Identifier: BSD-3-Clause
2 /* rfc3962 Advanced Encryption Standard (AES) Encryption for Kerberos 5
3  *
4  * Parts borrowed from net/sunrpc/auth_gss/.
5  */
6 /*
7  * COPYRIGHT (c) 2008
8  * The Regents of the University of Michigan
9  * ALL RIGHTS RESERVED
10  *
11  * Permission is granted to use, copy, create derivative works
12  * and redistribute this software and such derivative works
13  * for any purpose, so long as the name of The University of
14  * Michigan is not used in any advertising or publicity
15  * pertaining to the use of distribution of this software
16  * without specific, written prior authorization.  If the
17  * above copyright notice or any other identification of the
18  * University of Michigan is included in any copy of any
19  * portion of this software, then the disclaimer below must
20  * also be included.
21  *
22  * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
23  * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
24  * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
25  * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
26  * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
27  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
28  * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
29  * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
30  * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
31  * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
32  * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGES.
34  */
35 
36 /*
37  * Copyright (C) 1998 by the FundsXpress, INC.
38  *
39  * All rights reserved.
40  *
41  * Export of this software from the United States of America may require
42  * a specific license from the United States Government.  It is the
43  * responsibility of any person or organization contemplating export to
44  * obtain such a license before exporting.
45  *
46  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
47  * distribute this software and its documentation for any purpose and
48  * without fee is hereby granted, provided that the above copyright
49  * notice appear in all copies and that both that copyright notice and
50  * this permission notice appear in supporting documentation, and that
51  * the name of FundsXpress. not be used in advertising or publicity pertaining
52  * to distribution of the software without specific, written prior
53  * permission.  FundsXpress makes no representations about the suitability of
54  * this software for any purpose.  It is provided "as is" without express
55  * or implied warranty.
56  *
57  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
58  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
59  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
60  */
61 
62 /*
63  * Copyright (C) 2025 Red Hat, Inc. All Rights Reserved.
64  * Written by David Howells (dhowells@redhat.com)
65  */
66 
67 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
68 
69 #include "internal.h"
70 
71 const struct krb5_enctype krb5_aes128_cts_hmac_sha1_96 = {
72 	.etype		= KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
73 	.ctype		= KRB5_CKSUMTYPE_HMAC_SHA1_96_AES128,
74 	.name		= "aes128-cts-hmac-sha1-96",
75 	.encrypt_name	= "krb5enc(hmac(sha1),cts(cbc(aes)))",
76 	.cksum_name	= "hmac(sha1)",
77 	.hash_name	= "sha1",
78 	.derivation_enc	= "cts(cbc(aes))",
79 	.key_bytes	= 16,
80 	.key_len	= 16,
81 	.Kc_len		= 16,
82 	.Ke_len		= 16,
83 	.Ki_len		= 16,
84 	.block_len	= 16,
85 	.conf_len	= 16,
86 	.cksum_len	= 12,
87 	.hash_len	= 20,
88 	.prf_len	= 16,
89 	.keyed_cksum	= true,
90 	.random_to_key	= NULL, /* Identity */
91 	.profile	= &rfc3961_simplified_profile,
92 };
93 
94 const struct krb5_enctype krb5_aes256_cts_hmac_sha1_96 = {
95 	.etype		= KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
96 	.ctype		= KRB5_CKSUMTYPE_HMAC_SHA1_96_AES256,
97 	.name		= "aes256-cts-hmac-sha1-96",
98 	.encrypt_name	= "krb5enc(hmac(sha1),cts(cbc(aes)))",
99 	.cksum_name	= "hmac(sha1)",
100 	.hash_name	= "sha1",
101 	.derivation_enc	= "cts(cbc(aes))",
102 	.key_bytes	= 32,
103 	.key_len	= 32,
104 	.Kc_len		= 32,
105 	.Ke_len		= 32,
106 	.Ki_len		= 32,
107 	.block_len	= 16,
108 	.conf_len	= 16,
109 	.cksum_len	= 12,
110 	.hash_len	= 20,
111 	.prf_len	= 16,
112 	.keyed_cksum	= true,
113 	.random_to_key	= NULL, /* Identity */
114 	.profile	= &rfc3961_simplified_profile,
115 };
116