1226031Sstas/*
2226031Sstas * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3226031Sstas * (Royal Institute of Technology, Stockholm, Sweden).
4226031Sstas * All rights reserved.
5226031Sstas *
6226031Sstas * Redistribution and use in source and binary forms, with or without
7226031Sstas * modification, are permitted provided that the following conditions
8226031Sstas * are met:
9226031Sstas *
10226031Sstas * 1. Redistributions of source code must retain the above copyright
11226031Sstas *    notice, this list of conditions and the following disclaimer.
12226031Sstas *
13226031Sstas * 2. Redistributions in binary form must reproduce the above copyright
14226031Sstas *    notice, this list of conditions and the following disclaimer in the
15226031Sstas *    documentation and/or other materials provided with the distribution.
16226031Sstas *
17226031Sstas * 3. Neither the name of the Institute nor the names of its contributors
18226031Sstas *    may be used to endorse or promote products derived from this software
19226031Sstas *    without specific prior written permission.
20226031Sstas *
21226031Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22226031Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23226031Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24226031Sstas * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25226031Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26226031Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27226031Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28226031Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29226031Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30226031Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31226031Sstas * SUCH DAMAGE.
32226031Sstas */
33226031Sstas
34226031Sstas#include "krb5_locl.h"
35226031Sstas
36226031Sstas/*
37226031Sstas * AES
38226031Sstas */
39226031Sstas
/*
 * Key type descriptor for 128-bit AES keys; referenced by
 * _krb5_enctype_aes128_cts_hmac_sha1 later in this file.
 *
 * The initializer is positional, so its order must match the declaration
 * of struct _krb5_key_type, which is not in this file.  Field roles marked
 * "presumably" are inferred from the values only -- confirm against the
 * struct declaration before relying on them.
 */
static struct _krb5_key_type keytype_aes128 = {
    ENCTYPE_AES128_CTS_HMAC_SHA1_96,	/* enctype this key type belongs to */
    "aes-128",				/* printable name */
    128,				/* presumably key length in bits */
    16,					/* presumably key length in bytes */
    sizeof(struct _krb5_evp_schedule),	/* presumably size of the per-key schedule */
    NULL,
    _krb5_evp_schedule,
    _krb5_AES_salt,
    NULL,
    _krb5_evp_cleanup,
    /*
     * Read as keytype->evp and called by AES_PRF to obtain the EVP cipher.
     * Note this is the CBC cipher; NOTE(review): the ciphertext-stealing
     * step presumably lives in _krb5_evp_encrypt_cts -- confirm.
     */
    EVP_aes_128_cbc
};
53226031Sstas
/*
 * Key type descriptor for 256-bit AES keys; referenced by
 * _krb5_enctype_aes256_cts_hmac_sha1 later in this file.
 *
 * Same positional layout as keytype_aes128; only the enctype, name, key
 * lengths and EVP cipher differ.  Field roles marked "presumably" are
 * inferred from the values only -- confirm against struct _krb5_key_type.
 */
static struct _krb5_key_type keytype_aes256 = {
    ENCTYPE_AES256_CTS_HMAC_SHA1_96,	/* enctype this key type belongs to */
    "aes-256",				/* printable name */
    256,				/* presumably key length in bits */
    32,					/* presumably key length in bytes */
    sizeof(struct _krb5_evp_schedule),	/* presumably size of the per-key schedule */
    NULL,
    _krb5_evp_schedule,
    _krb5_AES_salt,
    NULL,
    _krb5_evp_cleanup,
    /* Read as keytype->evp and called by AES_PRF to obtain the EVP cipher. */
    EVP_aes_256_cbc
};
67226031Sstas
/*
 * Checksum type "hmac-sha1-96-aes128"; installed in
 * _krb5_enctype_aes128_cts_hmac_sha1 later in this file.
 *
 * Positional initializer for struct _krb5_checksum_type (declared outside
 * this file).  AES_PRF reads the members type, checksumsize and checksum
 * of this struct type; the mapping of the remaining values to members is
 * inferred and marked "presumably".
 */
struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = {
    CKSUMTYPE_HMAC_SHA1_96_AES_128,
    "hmac-sha1-96-aes128",
    64,		/* presumably the hash block size in bytes -- confirm */
    12,		/* presumably checksumsize: 12 bytes = the 96 bits in the name */
    /* NOTE(review): flag meanings are defined elsewhere; not visible here */
    F_KEYED | F_CPROOF | F_DERIVED,
    _krb5_SP_HMAC_SHA1_checksum,	/* checksum computation callback */
    NULL	/* presumably an optional verify callback, unset -- confirm */
};
77226031Sstas
/*
 * Checksum type "hmac-sha1-96-aes256"; installed in
 * _krb5_enctype_aes256_cts_hmac_sha1 later in this file.
 *
 * Identical to _krb5_checksum_hmac_sha1_aes128 except for the type
 * constant and name.  Positional initializer for struct
 * _krb5_checksum_type (declared outside this file); roles marked
 * "presumably" are inferred.
 */
struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
    CKSUMTYPE_HMAC_SHA1_96_AES_256,
    "hmac-sha1-96-aes256",
    64,		/* presumably the hash block size in bytes -- confirm */
    12,		/* presumably checksumsize: 12 bytes = the 96 bits in the name */
    /* NOTE(review): flag meanings are defined elsewhere; not visible here */
    F_KEYED | F_CPROOF | F_DERIVED,
    _krb5_SP_HMAC_SHA1_checksum,	/* checksum computation callback */
    NULL	/* presumably an optional verify callback, unset -- confirm */
};
87226031Sstas
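/*
 * Pseudo-random function for the AES enctypes defined in this file.
 *
 * Hashes `in' with the enctype's checksum (invoked with a NULL key),
 * derives a key from crypto->key.key using the constant "prf", and
 * encrypts the first crypto->et->blocksize bytes of the hash with the
 * derived key.  The result is allocated into `out'.
 *
 * Returns 0 on success, otherwise a krb5 error code; on a cipher failure
 * `out' is released again so that uninitialised memory is never handed
 * back as PRF output.  Allocation and key-derivation failures are
 * reported to the caller instead of aborting the process.  The derived
 * key and the intermediate hash are released on every return path.
 */
static krb5_error_code
AES_PRF(krb5_context context,
	krb5_crypto crypto,
	const krb5_data *in,
	krb5_data *out)
{
    struct _krb5_checksum_type *ct = crypto->et->checksum;
    krb5_error_code ret;
    Checksum result;
    krb5_keyblock *derived = NULL;

    result.cksumtype = ct->type;
    ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
    if (ret) {
	krb5_set_error_message(context, ret, N_("malloc: out memory", ""));
	return ret;
    }

    ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
    if (ret)
	goto cleanup;

    /*
     * The cipher below reads blocksize bytes from the hash; a shorter
     * hash would be a mis-configured enctype table, not a runtime error.
     */
    if (result.checksum.length < crypto->et->blocksize)
	krb5_abortx(context, "internal prf error");

    ret = krb5_derive_key(context, crypto->key.key,
			  crypto->et->type, "prf", 3, &derived);
    if (ret)
	goto cleanup;

    ret = krb5_data_alloc(out, crypto->et->blocksize);
    if (ret) {
	krb5_set_error_message(context, ret, N_("malloc: out memory", ""));
	goto cleanup;
    }

    {
	const EVP_CIPHER *c = (*crypto->et->keytype->evp)();
	EVP_CIPHER_CTX ctx;

	EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */
	/*
	 * Both calls are expected to return 1 on success for this cipher;
	 * anything else means `out' was not (fully) written.
	 */
	if (EVP_CipherInit_ex(&ctx, c, NULL,
			      derived->keyvalue.data, NULL, 1) != 1 ||
	    EVP_Cipher(&ctx, out->data, result.checksum.data,
		       crypto->et->blocksize) != 1)
	    ret = KRB5_CRYPTO_INTERNAL;
	EVP_CIPHER_CTX_cleanup(&ctx);
    }

    if (ret) {
	krb5_set_error_message(context, ret,
			       N_("AES PRF: cipher operation failed", ""));
	/* Do not leave a buffer of indeterminate content with the caller. */
	krb5_data_free(out);
    }

cleanup:
    krb5_data_free(&result.checksum);
    if (derived != NULL)
	krb5_free_keyblock(context, derived);

    return ret;
}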
141226031Sstas
/*
 * Encryption type "aes128-cts-hmac-sha1-96": ties together the AES-128
 * key type, the SHA-1 based checksums, the CTS encrypt routine and the
 * PRF defined in this file.
 *
 * Positional initializer for struct _krb5_encryption_type (declared
 * outside this file).  AES_PRF reads the members type, blocksize,
 * checksum and keytype; the mapping of the remaining values to members is
 * inferred and marked "presumably".
 */
struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
    ETYPE_AES128_CTS_HMAC_SHA1_96,
    "aes128-cts-hmac-sha1-96",
    16,		/* presumably blocksize (AES block, bytes) -- confirm */
    1,		/* presumably pad size -- confirm */
    16,		/* presumably confounder size in bytes -- confirm */
    &keytype_aes128,
    /*
     * Presumably the `checksum' member AES_PRF hashes with: it is called
     * there with a NULL key and must yield at least blocksize bytes.
     */
    &_krb5_checksum_sha1,
    &_krb5_checksum_hmac_sha1_aes128,	/* 96-bit truncated HMAC-SHA1 */
    F_DERIVED,
    _krb5_evp_encrypt_cts,
    16,		/* presumably PRF output length in bytes -- confirm */
    AES_PRF
};
156226031Sstas
/*
 * Encryption type "aes256-cts-hmac-sha1-96": same layout as the AES-128
 * entry, with the AES-256 key type and its matching HMAC checksum type.
 *
 * Positional initializer for struct _krb5_encryption_type (declared
 * outside this file); roles marked "presumably" are inferred.  The block,
 * confounder and PRF sizes stay at 16 because they follow the AES block
 * size rather than the key size -- NOTE(review): confirm against the
 * struct declaration.
 */
struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = {
    ETYPE_AES256_CTS_HMAC_SHA1_96,
    "aes256-cts-hmac-sha1-96",
    16,		/* presumably blocksize (AES block, bytes) -- confirm */
    1,		/* presumably pad size -- confirm */
    16,		/* presumably confounder size in bytes -- confirm */
    &keytype_aes256,
    /*
     * Presumably the `checksum' member AES_PRF hashes with: it is called
     * there with a NULL key and must yield at least blocksize bytes.
     */
    &_krb5_checksum_sha1,
    &_krb5_checksum_hmac_sha1_aes256,	/* 96-bit truncated HMAC-SHA1 */
    F_DERIVED,
    _krb5_evp_encrypt_cts,
    16,		/* presumably PRF output length in bytes -- confirm */
    AES_PRF
};