1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
/*
Unix SMB/CIFS implementation.
Group Key Distribution Protocol functions
Copyright (C) Catalyst.Net Ltd 2023
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef LIB_CRYPTO_GKDI_H
#define LIB_CRYPTO_GKDI_H
#include <stdint.h>
#include <gnutls/gnutls.h>
#include "lib/util/data_blob.h"
#include "libcli/util/ntstatus.h"
#include "librpc/gen_ndr/misc.h"
#include "lib/util/time.h"
#include "talloc.h"
enum KdfAlgorithmId {
KDF_ALGORITHM_SP800_108_CTR_HMAC,
};
enum KdfSp800_108Param {
KDF_PARAM_SHA1,
KDF_PARAM_SHA256,
KDF_PARAM_SHA384,
KDF_PARAM_SHA512,
};
struct KdfAlgorithm {
union {
enum KdfSp800_108Param sp800_108;
} param;
enum KdfAlgorithmId id;
};
enum {
root_key_version_1 = 1,
};
struct ProvRootKey {
struct GUID id;
DATA_BLOB data;
NTTIME create_time;
NTTIME use_start_time;
const char *domain_id;
struct KdfAlgorithm kdf_algorithm;
int32_t version;
};
struct Gkid {
int32_t l0_idx;
int8_t l1_idx; /* [range(0, 31)] */
int8_t l2_idx; /* [range(0, 31)] */
};
enum GkidType {
GKID_DEFAULT = -1,
GKID_L0_SEED_KEY = 0,
GKID_L1_SEED_KEY = 1,
GKID_L2_SEED_KEY = 2,
};
static const int gkdi_l1_key_iteration = 32;
static const int gkdi_l2_key_iteration = 32;
static const int64_t gkdi_key_cycle_duration = 360000000000;
static const int64_t gkdi_max_clock_skew = 3000000000;
#define GKDI_KEY_LEN 64
gnutls_mac_algorithm_t get_sp800_108_mac_algorithm(
const struct KdfAlgorithm kdf_algorithm);
NTSTATUS compute_seed_key(
TALLOC_CTX *mem_ctx,
const DATA_BLOB target_security_descriptor,
const struct ProvRootKey *const root_key,
const struct Gkid gkid,
uint8_t out[static const GKDI_KEY_LEN]);
#endif /* LIB_CRYPTO_GKDI_H */
|
