9319b9dce1
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16229 ec53bebd-3082-4978-b11e-865c3cabbd6b
268 lines
6.7 KiB
Groff
268 lines
6.7 KiB
Groff
.\" Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan
|
|
.\" (Royal Institute of Technology, Stockholm, Sweden).
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\"
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\"
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" 3. Neither the name of the Institute nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $Id$
|
|
.\"
|
|
.Dd March 20, 2004
|
|
.Dt KRB5_ENCRYPT 3
|
|
.Os HEIMDAL
|
|
.Sh NAME
|
|
.Nm krb5_crypto_getblocksize ,
|
|
.Nm krb5_crypto_getconfoundersize
|
|
.Nm krb5_crypto_getenctype ,
|
|
.Nm krb5_crypto_getpadsize ,
|
|
.Nm krb5_decrypt ,
|
|
.Nm krb5_decrypt_EncryptedData ,
|
|
.Nm krb5_decrypt_ivec ,
|
|
.Nm krb5_decrypt_ticket ,
|
|
.Nm krb5_encrypt ,
|
|
.Nm krb5_encrypt_EncryptedData ,
|
|
.Nm krb5_encrypt_ivec ,
|
|
.Nm krb5_enctype_disable ,
|
|
.Nm krb5_enctype_keysize ,
|
|
.Nm krb5_enctype_to_string ,
|
|
.Nm krb5_enctype_valid ,
|
|
.Nm krb5_get_wrapped_length ,
|
|
.Nm krb5_string_to_enctype
|
|
.Nd encrypt and decrypt data, set and get encryption type parameters
|
|
.Sh LIBRARY
|
|
Kerberos 5 Library (libkrb5, -lkrb5)
|
|
.Sh SYNOPSIS
|
|
.In krb5.h
|
|
.Ft krb5_error_code
|
|
.Fo krb5_encrypt
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_crypto crypto"
|
|
.Fa "unsigned usage"
|
|
.Fa "void *data"
|
|
.Fa "size_t len"
|
|
.Fa "krb5_data *result"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_encrypt_EncryptedData
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_crypto crypto"
|
|
.Fa "unsigned usage"
|
|
.Fa "void *data"
|
|
.Fa "size_t len"
|
|
.Fa "int kvno"
|
|
.Fa "EncryptedData *result"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_encrypt_ivec
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_crypto crypto"
|
|
.Fa "unsigned usage"
|
|
.Fa "void *data"
|
|
.Fa "size_t len"
|
|
.Fa "krb5_data *result"
|
|
.Fa "void *ivec"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_decrypt
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_crypto crypto"
|
|
.Fa "unsigned usage"
|
|
.Fa "void *data"
|
|
.Fa "size_t len"
|
|
.Fa "krb5_data *result"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_decrypt_EncryptedData
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_crypto crypto"
|
|
.Fa "unsigned usage"
|
|
.Fa "EncryptedData *e"
|
|
.Fa "krb5_data *result"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_decrypt_ivec
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_crypto crypto"
|
|
.Fa "unsigned usage"
|
|
.Fa "void *data"
|
|
.Fa "size_t len"
|
|
.Fa "krb5_data *result"
|
|
.Fa "void *ivec"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_decrypt_ticket
|
|
.Fa "krb5_context context"
|
|
.Fa "Ticket *ticket"
|
|
.Fa "krb5_keyblock *key"
|
|
.Fa "EncTicketPart *out"
|
|
.Fa "krb5_flags flags"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_crypto_getblocksize
|
|
.Fa "krb5_context context"
|
|
.Fa "size_t *blocksize"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_crypto_getenctype
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_crypto crypto"
|
|
.Fa "krb5_enctype *enctype"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_crypto_getpadsize
|
|
.Fa "krb5_context context"
|
|
.Fa size_t *padsize"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_crypto_getconfoundersize
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_crypto crypto
|
|
.Fa size_t *confoundersize"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_enctype_keysize
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_enctype type"
|
|
.Fa "size_t *keysize"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_string_to_enctype
|
|
.Fa "krb5_context context"
|
|
.Fa "const char *string"
|
|
.Fa "krb5_enctype *etype"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_enctype_to_string
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_enctype etype"
|
|
.Fa "char **string"
|
|
.Fc
|
|
.Ft krb5_error_code
|
|
.Fo krb5_enctype_valid
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_enctype etype"
|
|
.Fc
|
|
.Ft void
|
|
.Fo krb5_enctype_disable
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_enctype etype"
|
|
.Fc
|
|
.Ft size_t
|
|
.Fo krb5_get_wrapped_length
|
|
.Fa "krb5_context context"
|
|
.Fa "krb5_crypto crypto"
|
|
.Fa "size_t data_len"
|
|
.Fc
|
|
.Sh DESCRIPTION
|
|
These functions are used to encrypt and decrypt data.
|
|
.Pp
|
|
.Fn krb5_encrypt_ivec
|
|
puts the encrypted version of
|
|
.Fa data
|
|
(of size
|
|
.Fa len )
|
|
in
|
|
.Fa result .
|
|
If the encryption type supports using derived keys,
|
|
.Fa usage
|
|
should be the appropriate key-usage.
|
|
.Fa ivec
|
|
is a pointer to a initial IV, its modified to the end IV at the end of
|
|
the round.
|
|
Ivec should be the size of
|
|
If
|
|
.Dv NULL
|
|
is passed in, the default IV is used.
|
|
.Fn krb5_encrypt
|
|
does the same as
|
|
.Fn krb5_encrypt_ivec
|
|
but with
|
|
.Fa ivec
|
|
being
|
|
.Dv NULL .
|
|
.Fn krb5_encrypt_EncryptedData
|
|
does the same as
|
|
.Fn krb5_encrypt ,
|
|
but it puts the encrypted data in a
|
|
.Fa EncryptedData
|
|
structure instead. If
|
|
.Fa kvno
|
|
is not zero, it will be put in the (optional)
|
|
.Fa kvno
|
|
field in the
|
|
.Fa EncryptedData .
|
|
.Pp
|
|
.Fn krb5_decrypt_ivec ,
|
|
.Fn krb5_decrypt ,
|
|
and
|
|
.Fn krb5_decrypt_EncryptedData
|
|
works similarly.
|
|
.Pp
|
|
.Fn krb5_decrypt_ticket
|
|
decrypts the encrypted part of
|
|
.Fa ticket
|
|
with
|
|
.Fa key .
|
|
.Fn krb5_decrypt_ticket
|
|
also verifies the timestamp in the ticket, invalid flag and if the KDC
|
|
haven't verified the transited path, the transit path.
|
|
.Pp
|
|
.Fn krb5_enctype_keysize ,
|
|
.Fn krb5_crypto_getconfoundersize ,
|
|
.Fn krb5_crypto_getblocksize ,
|
|
.Fn krb5_crypto_getenctype ,
|
|
.Fn krb5_crypto_getpadsize
|
|
all returns various (sometimes) useful information from a crypto context.
|
|
.Pp
|
|
.Fn krb5_enctype_to_string
|
|
converts a encryption type number to a string that can be printable
|
|
and stored. The strings returned should be freed with
|
|
.Xr free 3 .
|
|
.Pp
|
|
.Fn krb5_string_to_enctype
|
|
converts a encryption type strings to a encryption type number that
|
|
can use used for other Kerberos crypto functions.
|
|
.Pp
|
|
.Fn krb5_enctype_valid
|
|
returns 0 if the encrypt is supported and not disabled, otherwise and
|
|
error code is returned.
|
|
.Pp
|
|
.Fn krb5_enctype_disable
|
|
(globally, for all contextes) disables the
|
|
.Fa enctype .
|
|
.Pp
|
|
.Fn krb5_get_wrapped_length
|
|
returns the size of an encrypted packet by
|
|
.Fa crypto
|
|
of length
|
|
.Fa data_len .
|
|
.\" .Sh EXAMPLE
|
|
.\" .Sh BUGS
|
|
.Sh SEE ALSO
|
|
.Xr krb5_create_checksum 3 ,
|
|
.Xr krb5_crypto_init 3
|