aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/crypto/krb/etypes.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/crypto/krb/etypes.c')
-rw-r--r--src/lib/crypto/krb/etypes.c33
1 files changed, 18 insertions, 15 deletions
diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c
index 0e5e977d418a..53d4a5c79b47 100644
--- a/src/lib/crypto/krb/etypes.c
+++ b/src/lib/crypto/krb/etypes.c
@@ -42,7 +42,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_des_string_to_key, k5_rand2key_des,
krb5int_des_prf,
CKSUMTYPE_RSA_MD5_DES,
- ETYPE_WEAK },
+ ETYPE_WEAK, 56 },
{ ENCTYPE_DES_CBC_MD4,
"des-cbc-md4", { 0 }, "DES cbc mode with RSA-MD4",
&krb5int_enc_des, &krb5int_hash_md4,
@@ -51,7 +51,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_des_string_to_key, k5_rand2key_des,
krb5int_des_prf,
CKSUMTYPE_RSA_MD4_DES,
- ETYPE_WEAK },
+ ETYPE_WEAK, 56 },
{ ENCTYPE_DES_CBC_MD5,
"des-cbc-md5", { "des" }, "DES cbc mode with RSA-MD5",
&krb5int_enc_des, &krb5int_hash_md5,
@@ -60,7 +60,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_des_string_to_key, k5_rand2key_des,
krb5int_des_prf,
CKSUMTYPE_RSA_MD5_DES,
- ETYPE_WEAK },
+ ETYPE_WEAK, 56 },
{ ENCTYPE_DES_CBC_RAW,
"des-cbc-raw", { 0 }, "DES cbc mode raw",
&krb5int_enc_des, NULL,
@@ -69,7 +69,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_des_string_to_key, k5_rand2key_des,
krb5int_des_prf,
0,
- ETYPE_WEAK },
+ ETYPE_WEAK, 56 },
{ ENCTYPE_DES3_CBC_RAW,
"des3-cbc-raw", { 0 }, "Triple DES cbc mode raw",
&krb5int_enc_des3, NULL,
@@ -78,7 +78,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_dk_string_to_key, k5_rand2key_des3,
NULL, /*PRF*/
0,
- ETYPE_WEAK },
+ ETYPE_WEAK, 112 },
{ ENCTYPE_DES3_CBC_SHA1,
"des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" },
@@ -89,7 +89,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_dk_string_to_key, k5_rand2key_des3,
krb5int_dk_prf,
CKSUMTYPE_HMAC_SHA1_DES3,
- 0 /*flags*/ },
+ 0 /*flags*/, 112 },
{ ENCTYPE_DES_HMAC_SHA1,
"des-hmac-sha1", { 0 }, "DES with HMAC/sha1",
@@ -99,7 +99,10 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_dk_string_to_key, k5_rand2key_des,
NULL, /*PRF*/
0,
- ETYPE_WEAK },
+ ETYPE_WEAK, 56 },
+
+ /* rc4-hmac uses a 128-bit key, but due to weaknesses in the RC4 cipher, we
+ * consider its strength degraded and assign it an SSF value of 64. */
{ ENCTYPE_ARCFOUR_HMAC,
"arcfour-hmac", { "rc4-hmac", "arcfour-hmac-md5" },
"ArcFour with HMAC/md5",
@@ -110,7 +113,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
k5_rand2key_direct, krb5int_arcfour_prf,
CKSUMTYPE_HMAC_MD5_ARCFOUR,
- 0 /*flags*/ },
+ 0 /*flags*/, 64 },
{ ENCTYPE_ARCFOUR_HMAC_EXP,
"arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" },
"Exportable ArcFour with HMAC/md5",
@@ -121,7 +124,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
k5_rand2key_direct, krb5int_arcfour_prf,
CKSUMTYPE_HMAC_MD5_ARCFOUR,
- ETYPE_WEAK
+ ETYPE_WEAK, 40
},
{ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
@@ -133,7 +136,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_aes_string_to_key, k5_rand2key_direct,
krb5int_dk_prf,
CKSUMTYPE_HMAC_SHA1_96_AES128,
- 0 /*flags*/ },
+ 0 /*flags*/, 128 },
{ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
"aes256-cts-hmac-sha1-96", { "aes256-cts", "aes256-sha1" },
"AES-256 CTS mode with 96-bit SHA-1 HMAC",
@@ -143,7 +146,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_aes_string_to_key, k5_rand2key_direct,
krb5int_dk_prf,
CKSUMTYPE_HMAC_SHA1_96_AES256,
- 0 /*flags*/ },
+ 0 /*flags*/, 256 },
{ ENCTYPE_CAMELLIA128_CTS_CMAC,
"camellia128-cts-cmac", { "camellia128-cts" },
@@ -155,7 +158,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_camellia_string_to_key, k5_rand2key_direct,
krb5int_dk_cmac_prf,
CKSUMTYPE_CMAC_CAMELLIA128,
- 0 /*flags*/ },
+ 0 /*flags*/, 128 },
{ ENCTYPE_CAMELLIA256_CTS_CMAC,
"camellia256-cts-cmac", { "camellia256-cts" },
"Camellia-256 CTS mode with CMAC",
@@ -166,7 +169,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_camellia_string_to_key, k5_rand2key_direct,
krb5int_dk_cmac_prf,
CKSUMTYPE_CMAC_CAMELLIA256,
- 0 /*flags */ },
+ 0 /*flags */, 256 },
{ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
"aes128-cts-hmac-sha256-128", { "aes128-sha2" },
@@ -177,7 +180,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_aes2_string_to_key, k5_rand2key_direct,
krb5int_aes2_prf,
CKSUMTYPE_HMAC_SHA256_128_AES128,
- 0 /*flags*/ },
+ 0 /*flags*/, 128 },
{ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
"aes256-cts-hmac-sha384-192", { "aes256-sha2" },
"AES-256 CTS mode with 192-bit SHA-384 HMAC",
@@ -187,7 +190,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_aes2_string_to_key, k5_rand2key_direct,
krb5int_aes2_prf,
CKSUMTYPE_HMAC_SHA384_192_AES256,
- 0 /*flags*/ },
+ 0 /*flags*/, 256 },
};
const int krb5int_enctypes_length =