1226031Sstas/* 2226031Sstas * Copyright (c) 1997 - 2008 Kungliga Tekniska H��gskolan 3226031Sstas * (Royal Institute of Technology, Stockholm, Sweden). 4226031Sstas * All rights reserved. 5226031Sstas * 6226031Sstas * Redistribution and use in source and binary forms, with or without 7226031Sstas * modification, are permitted provided that the following conditions 8226031Sstas * are met: 9226031Sstas * 10226031Sstas * 1. Redistributions of source code must retain the above copyright 11226031Sstas * notice, this list of conditions and the following disclaimer. 12226031Sstas * 13226031Sstas * 2. Redistributions in binary form must reproduce the above copyright 14226031Sstas * notice, this list of conditions and the following disclaimer in the 15226031Sstas * documentation and/or other materials provided with the distribution. 16226031Sstas * 17226031Sstas * 3. Neither the name of the Institute nor the names of its contributors 18226031Sstas * may be used to endorse or promote products derived from this software 19226031Sstas * without specific prior written permission. 20226031Sstas * 21226031Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22226031Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23226031Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24226031Sstas * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25226031Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26226031Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27226031Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28226031Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29226031Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30226031Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31226031Sstas * SUCH DAMAGE. 32226031Sstas */ 33226031Sstas 34226031Sstas#include "krb5_locl.h" 35226031Sstas 36226031Sstas/* 37226031Sstas * AES 38226031Sstas */ 39226031Sstas 40226031Sstasstatic struct _krb5_key_type keytype_aes128 = { 41226031Sstas ENCTYPE_AES128_CTS_HMAC_SHA1_96, 42226031Sstas "aes-128", 43226031Sstas 128, 44226031Sstas 16, 45226031Sstas sizeof(struct _krb5_evp_schedule), 46226031Sstas NULL, 47226031Sstas _krb5_evp_schedule, 48226031Sstas _krb5_AES_salt, 49226031Sstas NULL, 50226031Sstas _krb5_evp_cleanup, 51226031Sstas EVP_aes_128_cbc 52226031Sstas}; 53226031Sstas 54226031Sstasstatic struct _krb5_key_type keytype_aes256 = { 55226031Sstas ENCTYPE_AES256_CTS_HMAC_SHA1_96, 56226031Sstas "aes-256", 57226031Sstas 256, 58226031Sstas 32, 59226031Sstas sizeof(struct _krb5_evp_schedule), 60226031Sstas NULL, 61226031Sstas _krb5_evp_schedule, 62226031Sstas _krb5_AES_salt, 63226031Sstas NULL, 64226031Sstas _krb5_evp_cleanup, 65226031Sstas EVP_aes_256_cbc 66226031Sstas}; 67226031Sstas 68226031Sstasstruct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = { 69226031Sstas CKSUMTYPE_HMAC_SHA1_96_AES_128, 70226031Sstas "hmac-sha1-96-aes128", 71226031Sstas 64, 72226031Sstas 12, 73226031Sstas F_KEYED | F_CPROOF | F_DERIVED, 74226031Sstas _krb5_SP_HMAC_SHA1_checksum, 75226031Sstas NULL 76226031Sstas}; 77226031Sstas 78226031Sstasstruct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = { 79226031Sstas CKSUMTYPE_HMAC_SHA1_96_AES_256, 80226031Sstas "hmac-sha1-96-aes256", 81226031Sstas 64, 82226031Sstas 12, 83226031Sstas F_KEYED | F_CPROOF | F_DERIVED, 84226031Sstas _krb5_SP_HMAC_SHA1_checksum, 85226031Sstas NULL 86226031Sstas}; 87226031Sstas 88226031Sstasstatic krb5_error_code 89226031SstasAES_PRF(krb5_context context, 90226031Sstas krb5_crypto crypto, 91226031Sstas const krb5_data *in, 92226031Sstas krb5_data *out) 93226031Sstas{ 94226031Sstas struct _krb5_checksum_type *ct = crypto->et->checksum; 95226031Sstas krb5_error_code ret; 96226031Sstas Checksum result; 97226031Sstas krb5_keyblock *derived; 98226031Sstas 99226031Sstas result.cksumtype = ct->type; 100226031Sstas ret = krb5_data_alloc(&result.checksum, ct->checksumsize); 101226031Sstas if (ret) { 102226031Sstas krb5_set_error_message(context, ret, N_("malloc: out memory", "")); 103226031Sstas return ret; 104226031Sstas } 105226031Sstas 106226031Sstas ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); 107226031Sstas if (ret) { 108226031Sstas krb5_data_free(&result.checksum); 109226031Sstas return ret; 110226031Sstas } 111226031Sstas 112226031Sstas if (result.checksum.length < crypto->et->blocksize) 113226031Sstas krb5_abortx(context, "internal prf error"); 114226031Sstas 115226031Sstas derived = NULL; 116226031Sstas ret = krb5_derive_key(context, crypto->key.key, 117226031Sstas crypto->et->type, "prf", 3, &derived); 118226031Sstas if (ret) 119226031Sstas krb5_abortx(context, "krb5_derive_key"); 120226031Sstas 121226031Sstas ret = krb5_data_alloc(out, crypto->et->blocksize); 122226031Sstas if (ret) 123226031Sstas krb5_abortx(context, "malloc failed"); 124226031Sstas 125226031Sstas { 126226031Sstas const EVP_CIPHER *c = (*crypto->et->keytype->evp)(); 127226031Sstas EVP_CIPHER_CTX ctx; 128226031Sstas 129226031Sstas EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */ 130226031Sstas EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1); 131226031Sstas EVP_Cipher(&ctx, out->data, result.checksum.data, 132226031Sstas crypto->et->blocksize); 133226031Sstas EVP_CIPHER_CTX_cleanup(&ctx); 134226031Sstas } 135226031Sstas 136226031Sstas krb5_data_free(&result.checksum); 137226031Sstas krb5_free_keyblock(context, derived); 138226031Sstas 139226031Sstas return ret; 140226031Sstas} 141226031Sstas 142226031Sstasstruct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = { 143226031Sstas ETYPE_AES128_CTS_HMAC_SHA1_96, 144226031Sstas "aes128-cts-hmac-sha1-96", 145226031Sstas 16, 146226031Sstas 1, 147226031Sstas 16, 148226031Sstas &keytype_aes128, 149226031Sstas &_krb5_checksum_sha1, 150226031Sstas &_krb5_checksum_hmac_sha1_aes128, 151226031Sstas F_DERIVED, 152226031Sstas _krb5_evp_encrypt_cts, 153226031Sstas 16, 154226031Sstas AES_PRF 155226031Sstas}; 156226031Sstas 157226031Sstasstruct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = { 158226031Sstas ETYPE_AES256_CTS_HMAC_SHA1_96, 159226031Sstas "aes256-cts-hmac-sha1-96", 160226031Sstas 16, 161226031Sstas 1, 162226031Sstas 16, 163226031Sstas &keytype_aes256, 164226031Sstas &_krb5_checksum_sha1, 165226031Sstas &_krb5_checksum_hmac_sha1_aes256, 166226031Sstas F_DERIVED, 167226031Sstas _krb5_evp_encrypt_cts, 168226031Sstas 16, 169226031Sstas AES_PRF 170226031Sstas}; 171