/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <etypes.h>
#include <security/cryptoki.h>
/*
* get_algo
*
* This routine provides a mapping from Kerberos encryption
* and hash types to PKCS#11 encryption and hash types.
*
* As shown here, the routine switches on `etype` and writes its result
* through the `algos` pointer. It returns CKR_OK for every enctype it
* recognises and CKR_MECHANISM_INVALID for any other value.
*
* NOTE(review): this listing looks incomplete. The function signature is
* absent, only the str2key_algo assignments are visible even though the
* header describes encryption and hash mappings, and the second
* `return (CKR_OK)` at the end of the switch is unreachable as printed.
* Case labels and assignments were presumably dropped; confirm against
* the original file before relying on this text.
*
* Security note: CKR_OK means only that a mapping exists, not that the
* enctype is acceptable. The single-DES and RC4-HMAC-EXP enctypes listed
* below are deprecated by RFC 6649, and 3DES and RC4-HMAC by RFC 8429.
* Enctype policy has to be enforced by the caller or by configuration.
*/
{
switch (etype) {
/*
* Single-DES enctypes. str2key_algo is 0 for each; slot_supports_krb5
* only queries a string-to-key mechanism when this field is non-zero.
*/
case ENCTYPE_DES_CBC_CRC:
algos->str2key_algo = 0;
return (CKR_OK);
case ENCTYPE_DES_CBC_MD5:
algos->str2key_algo = 0;
return (CKR_OK);
case ENCTYPE_DES_CBC_RAW:
algos->str2key_algo = 0;
return (CKR_OK);
case ENCTYPE_DES_HMAC_SHA1:
algos->str2key_algo = 0;
return (CKR_OK);
/* Triple-DES enctypes. */
case ENCTYPE_DES3_CBC_SHA1:
algos->str2key_algo = 0;
return (CKR_OK);
case ENCTYPE_DES3_CBC_RAW:
algos->str2key_algo = 0;
return (CKR_OK);
/* RC4-HMAC and its export variant share one mapping. */
case ENCTYPE_ARCFOUR_HMAC:
case ENCTYPE_ARCFOUR_HMAC_EXP:
algos->str2key_algo = 0;
return (CKR_OK);
/* NOTE(review): unreachable as shown; its case labels appear to be missing. */
return (CKR_OK);
}
/* No case matched: the enctype has no PKCS#11 mapping here. */
return (CKR_MECHANISM_INVALID);
}
/*
* get_key_type
*
* Map Kerberos key types to PKCS#11 key type values.
*
* As shown here, the routine switches on `etype` and returns CKR_OK for
* the DES, 3DES and ARCFOUR enctype groups, and CKR_GENERAL_ERROR for
* anything else.
*
* NOTE(review): no key-type value is stored anywhere in the visible
* lines, the function signature is absent, and one `return (CKR_OK)`
* is unreachable as printed. The assignments and at least one group of
* case labels were presumably dropped from this listing; confirm against
* the original file.
*/
{
switch (etype) {
/* Single-DES enctypes share one result. */
case ENCTYPE_DES_CBC_CRC:
case ENCTYPE_DES_CBC_MD5:
case ENCTYPE_DES_CBC_RAW:
case ENCTYPE_DES_HMAC_SHA1:
return (CKR_OK);
/* Triple-DES enctypes. */
case ENCTYPE_DES3_CBC_SHA1:
case ENCTYPE_DES3_CBC_RAW:
return (CKR_OK);
/* NOTE(review): unreachable as shown; its case labels appear to be missing. */
return (CKR_OK);
/* RC4-HMAC and its export variant. */
case ENCTYPE_ARCFOUR_HMAC:
case ENCTYPE_ARCFOUR_HMAC_EXP:
return (CKR_OK);
}
/* There's no appropriate error. Just return the general one */
return (CKR_GENERAL_ERROR);
}
/*
* slot_supports_krb5
*
* Determine whether the PKCS#11 "slot" supports the necessary
* crypto needed for Kerberos functionality.
*
* Return values:
* TRUE = The given slot is OK for Kerberos
* FALSE = Not ok, try something else.
*
* Visible control flow: the routine walks krb5_enctypes_length entries
* and checks the encryption mechanism (ENC_DEFINED), the hash mechanism
* (HASH_DEFINED) and, when algos.str2key_algo is non-zero, the
* string-to-key mechanism. Some paths `continue` to the next enctype,
* others return FALSE for the whole slot. After the loop it returns
* FALSE if enctypes_found is still zero, else TRUE.
*
* NOTE(review): this listing is missing many lines. The signature, the
* calls that fill `algos`, `info` and `rv`, the logging calls that own
* the orphaned format strings, and the statement that updates
* enctypes_found are not shown, so the braces do not pair up as printed.
* The comments below describe only what is visible.
*
* NOTE(review): per the in-line comments, an enctype the slot cannot
* serve is disabled rather than treated as an error, so the surviving
* enctype set depends on the token. It is worth confirming that a slot
* lacking the stronger mechanisms cannot silently leave only the DES or
* RC4 enctypes enabled without a log entry or policy check.
*/
{
int i;
int enctypes_found = 0;
for (i = 0; i < krb5_enctypes_length; i++) {
/*
* If the algorithm is not available, disable
* this enctype so Kerberos doesn't try to use it
* again.
*/
continue;
}
/* Encryption mechanism check; the query that sets rv is not shown. */
if (ENC_DEFINED(algos)) {
"for encr algorith %s: 0x%x\n",
rv);
return (FALSE);
}
/*
* If the encryption algorithm is supported,
* make sure it supports the correct key sizes.
* If not, disable this enctype and continue.
*
* NOTE(review): the key-size comparison itself is not visible here.
*/
"<unsupported>";
"<unsupported>";
continue;
}
return (FALSE);
}
/* Hash mechanism check; a failed query rejects the slot. */
if (HASH_DEFINED(algos)) {
&info);
"for hash algorithm %s: 0x%x\n",
rv);
return (FALSE);
}
return (FALSE);
}
/* Only enctypes with a non-zero str2key_algo reach this check. */
if (algos.str2key_algo != 0) {
&info);
"for str2key algorithm: 0x%x\n", rv);
return (FALSE);
}
}
}
/*
* If NO enctypes were found to be supported, return FALSE.
*/
if (!enctypes_found) {
"No crypto support available from PKCS#11.");
return (FALSE);
}
return (TRUE);
}