1 : /*
2 : * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "krb5_locl.h"
35 :
36 : /*
37 : * AES
38 : */
39 :
/*
 * Key-type descriptor for the AES-128 key; referenced by
 * _krb5_enctype_aes128_cts_hmac_sha1 later in this file.
 *
 * The initializer is positional, so the meaning of each value depends on
 * the member order of struct _krb5_key_type, which is declared outside
 * this file.
 * NOTE(review): the per-line labels below are read off the values and off
 * how AES_SHA1_PRF uses keytype->evp -- confirm against the struct
 * definition.
 */
static struct _krb5_key_type keytype_aes128_sha1 = {
    KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
    "aes-128",
    128,                                /* presumably key length in bits */
    16,                                 /* presumably key length in bytes */
    sizeof(struct _krb5_evp_schedule),  /* size of the per-key EVP state */
    NULL,
    _krb5_evp_schedule,
    _krb5_AES_SHA1_salt,
    NULL,
    _krb5_evp_cleanup,
    EVP_aes_128_cbc                     /* presumably the `evp` member that
                                         * AES_SHA1_PRF calls to obtain the
                                         * EVP cipher; CBC here, although the
                                         * enctype name says CTS */
};
53 :
/*
 * Key-type descriptor for the AES-256 key; referenced by
 * _krb5_enctype_aes256_cts_hmac_sha1 later in this file.
 *
 * The initializer is positional, so the meaning of each value depends on
 * the member order of struct _krb5_key_type, which is declared outside
 * this file.
 * NOTE(review): the per-line labels below are read off the values and off
 * how AES_SHA1_PRF uses keytype->evp -- confirm against the struct
 * definition.
 */
static struct _krb5_key_type keytype_aes256_sha1 = {
    KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
    "aes-256",
    256,                                /* presumably key length in bits */
    32,                                 /* presumably key length in bytes */
    sizeof(struct _krb5_evp_schedule),  /* size of the per-key EVP state */
    NULL,
    _krb5_evp_schedule,
    _krb5_AES_SHA1_salt,
    NULL,
    _krb5_evp_cleanup,
    EVP_aes_256_cbc                     /* presumably the `evp` member that
                                         * AES_SHA1_PRF calls to obtain the
                                         * EVP cipher; CBC here, although the
                                         * enctype name says CTS */
};
67 :
/*
 * Checksum descriptor "hmac-sha1-96-aes128"; installed as the third
 * pointer member of _krb5_enctype_aes128_cts_hmac_sha1 later in this file.
 *
 * Positional initializer: member meanings come from struct
 * _krb5_checksum_type, declared outside this file.
 * NOTE(review): numeric labels below are inferred from the values and the
 * "-96" in the name -- confirm against the struct definition.
 */
struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = {
    CKSUMTYPE_HMAC_SHA1_96_AES_128,
    "hmac-sha1-96-aes128",
    64,                                 /* presumably the hash block size, bytes */
    12,                                 /* presumably the checksum size: 12 bytes
                                         * = the 96-bit truncation in the name */
    F_KEYED | F_CPROOF | F_DERIVED,
    _krb5_SP_HMAC_SHA1_checksum,        /* compute callback */
    _krb5_SP_HMAC_SHA1_verify           /* verify callback */
};
77 :
/*
 * Checksum descriptor "hmac-sha1-96-aes256"; installed as the third
 * pointer member of _krb5_enctype_aes256_cts_hmac_sha1 later in this file.
 *
 * Positional initializer: member meanings come from struct
 * _krb5_checksum_type, declared outside this file.
 * NOTE(review): numeric labels below are inferred from the values and the
 * "-96" in the name -- confirm against the struct definition.
 */
struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
    CKSUMTYPE_HMAC_SHA1_96_AES_256,
    "hmac-sha1-96-aes256",
    64,                                 /* presumably the hash block size, bytes */
    12,                                 /* presumably the checksum size: 12 bytes
                                         * = the 96-bit truncation in the name */
    F_KEYED | F_CPROOF | F_DERIVED,
    _krb5_SP_HMAC_SHA1_checksum,        /* compute callback */
    _krb5_SP_HMAC_SHA1_verify           /* verify callback */
};
87 :
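/*
 * Pseudo-random function for the AES / HMAC-SHA1 encryption types.
 *
 * Steps, as implemented below:
 *   1. run the enctype's checksum (crypto->et->checksum) over `in`;
 *   2. derive a key from crypto->key.key using the constant "prf";
 *   3. encrypt the first crypto->et->blocksize bytes of that checksum with
 *      the derived key and an all-zero IV, writing the result to `out`.
 *
 * context  library context, used for error reporting
 * crypto   crypto handle supplying the enctype tables and the base key
 * in       input octet string
 * out      receives crypto->et->blocksize bytes allocated with
 *          krb5_data_alloc(); the caller owns and must release them
 *
 * Returns 0 on success.  Failure to allocate the checksum buffer and
 * failure of the checksum callback are returned to the caller; every later
 * failure is treated as an internal error and goes through krb5_abortx(),
 * which the code below relies on not returning.
 */
static krb5_error_code
AES_SHA1_PRF(krb5_context context,
             krb5_crypto crypto,
             const krb5_data *in,
             krb5_data *out)
{
    struct _krb5_checksum_type *ct = crypto->et->checksum;
    struct krb5_crypto_iov iov[1];
    krb5_error_code ret;
    Checksum result;
    krb5_keyblock *derived;

    result.cksumtype = ct->type;
    ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
    if (ret) {
        krb5_set_error_message(context, ret, N_("malloc: out memory", ""));
        return ret;
    }

    /* Single-element iov wrapping the caller's input (shallow copy). */
    iov[0].data = *in;
    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
    ret = (*ct->checksum)(context, crypto, NULL, 0, iov, 1, &result);
    if (ret) {
        krb5_data_free(&result.checksum);
        return ret;
    }

    /* The cipher below reads blocksize bytes of the checksum; never let it
     * read past the end of the buffer. */
    if (result.checksum.length < crypto->et->blocksize)
        krb5_abortx(context, "internal prf error");

    derived = NULL;
    ret = krb5_derive_key(context, crypto->key.key,
                          crypto->et->type, "prf", 3, &derived);
    if (ret)
        krb5_abortx(context, "krb5_derive_key");

    ret = krb5_data_alloc(out, crypto->et->blocksize);
    if (ret)
        krb5_abortx(context, "malloc failed");

    {
        const EVP_CIPHER *c = (*crypto->et->keytype->evp)();
        EVP_CIPHER_CTX ctx;

        EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */
        /*
         * Fail closed: if the cipher cannot be initialised, `out` would
         * otherwise be returned with ret == 0 while still holding whatever
         * krb5_data_alloc() left in the freshly allocated buffer.
         */
        if (EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1) != 1)
            krb5_abortx(context, "EVP_CipherInit_ex failed");
        /*
         * NOTE(review): the return value of EVP_Cipher() is still ignored;
         * its success convention is not the same across EVP
         * implementations, so confirm which one this build links against
         * before adding a check.
         */
        EVP_Cipher(&ctx, out->data, result.checksum.data,
                   crypto->et->blocksize);
        EVP_CIPHER_CTX_cleanup(&ctx);
    }

    krb5_data_free(&result.checksum);
    krb5_free_keyblock(context, derived);

    return ret;
}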
144 :
/*
 * Encryption-type descriptor for "aes128-cts-hmac-sha1-96"
 * (alias "aes128-cts").  Ties together the AES-128 key type, the two
 * checksum descriptors, the CTS encrypt callbacks and AES_SHA1_PRF.
 *
 * Positional initializer: member meanings come from struct
 * _krb5_encryption_type, declared outside this file.
 * NOTE(review): the labels below are inferred from the values and from the
 * members AES_SHA1_PRF reads (blocksize, keytype, checksum) -- confirm
 * against the struct definition.
 */
struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
    ETYPE_AES128_CTS_HMAC_SHA1_96,
    "aes128-cts-hmac-sha1-96",
    "aes128-cts",
    16,                                 /* presumably cipher block size, bytes */
    1,                                  /* presumably pad size */
    16,                                 /* presumably confounder size, bytes */
    &keytype_aes128_sha1,
    &_krb5_checksum_sha1,               /* presumably et->checksum: the one
                                         * AES_SHA1_PRF runs over its input */
    &_krb5_checksum_hmac_sha1_aes128,   /* presumably the keyed checksum */
    F_DERIVED | F_RFC3961_ENC | F_RFC3961_KDF,
    _krb5_evp_encrypt_cts,
    _krb5_evp_encrypt_iov_cts,
    16,                                 /* presumably PRF output length; matches
                                         * the blocksize AES_SHA1_PRF emits */
    AES_SHA1_PRF
};
161 :
/*
 * Encryption-type descriptor for "aes256-cts-hmac-sha1-96"
 * (alias "aes256-cts").  Ties together the AES-256 key type, the two
 * checksum descriptors, the CTS encrypt callbacks and AES_SHA1_PRF.
 *
 * Positional initializer: member meanings come from struct
 * _krb5_encryption_type, declared outside this file.
 * NOTE(review): the labels below are inferred from the values and from the
 * members AES_SHA1_PRF reads (blocksize, keytype, checksum) -- confirm
 * against the struct definition.
 */
struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = {
    ETYPE_AES256_CTS_HMAC_SHA1_96,
    "aes256-cts-hmac-sha1-96",
    "aes256-cts",
    16,                                 /* presumably cipher block size, bytes */
    1,                                  /* presumably pad size */
    16,                                 /* presumably confounder size, bytes */
    &keytype_aes256_sha1,
    &_krb5_checksum_sha1,               /* presumably et->checksum: the one
                                         * AES_SHA1_PRF runs over its input */
    &_krb5_checksum_hmac_sha1_aes256,   /* presumably the keyed checksum */
    F_DERIVED | F_RFC3961_ENC | F_RFC3961_KDF,
    _krb5_evp_encrypt_cts,
    _krb5_evp_encrypt_iov_cts,
    16,                                 /* presumably PRF output length; matches
                                         * the blocksize AES_SHA1_PRF emits */
    AES_SHA1_PRF
};