search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
krb5: implement draft-ietf-kitten-aes-cts-hmac-sha2-07
[heimdal.git] / lib / krb5 / crypto-aes-sha2.c
blob4630ce071527676ff6f7ff7dae77e483ff2e804b
1 /*
2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 /*
37 * AES HMAC-SHA2
38 */
39
40 krb5_error_code
41 _krb5_aes_sha2_md_for_enctype(krb5_context context,
42 krb5_enctype enctype,
43 const EVP_MD **md)
44 {
45 switch (enctype) {
46 case ETYPE_AES128_CTS_HMAC_SHA256_128:
47 *md = EVP_sha256();
48 break;
49 case ETYPE_AES256_CTS_HMAC_SHA384_192:
50 *md = EVP_sha384();
51 break;
52 default:
53 return KRB5_PROG_ETYPE_NOSUPP;
54 break;
55 }
56 return 0;
57 }
58
59 static krb5_error_code
60 SP_HMAC_SHA2_checksum(krb5_context context,
61 struct _krb5_key_data *key,
62 const void *data,
63 size_t len,
64 unsigned usage,
65 Checksum *result)
66 {
67 krb5_error_code ret;
68 const EVP_MD *md;
69 unsigned char hmac[EVP_MAX_MD_SIZE];
70 unsigned int hmaclen = sizeof(hmac);
71
72 ret = _krb5_aes_sha2_md_for_enctype(context, key->key->keytype, &md);
73 if (ret)
74 return ret;
75
76 HMAC(md, key->key->keyvalue.data, key->key->keyvalue.length,
77 data, len, hmac, &hmaclen);
78
79 heim_assert(result->checksum.length <= hmaclen, "SHA2 internal error");
80
81 memcpy(result->checksum.data, hmac, result->checksum.length);
82
83 return 0;
84 }
85
86 static struct _krb5_key_type keytype_aes128_sha2 = {
87 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
88 "aes-128-sha2",
89 128,
90 16,
91 sizeof(struct _krb5_evp_schedule),
92 NULL,
93 _krb5_evp_schedule,
94 _krb5_AES_SHA2_salt,
95 NULL,
96 _krb5_evp_cleanup,
97 EVP_aes_128_cbc
98 };
99
100 static struct _krb5_key_type keytype_aes256_sha2 = {
101 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
102 "aes-256-sha2",
103 256,
104 32,
105 sizeof(struct _krb5_evp_schedule),
106 NULL,
107 _krb5_evp_schedule,
108 _krb5_AES_SHA2_salt,
109 NULL,
110 _krb5_evp_cleanup,
111 EVP_aes_256_cbc
112 };
113
114 struct _krb5_checksum_type _krb5_checksum_hmac_sha256_128_aes128 = {
115 CKSUMTYPE_HMAC_SHA256_128_AES128,
116 "hmac-sha256-128-aes128",
117 64,
118 16,
119 F_KEYED | F_CPROOF | F_DERIVED,
120 SP_HMAC_SHA2_checksum,
121 NULL
122 };
123
124 struct _krb5_checksum_type _krb5_checksum_hmac_sha384_192_aes256 = {
125 CKSUMTYPE_HMAC_SHA384_192_AES256,
126 "hmac-sha384-192-aes256",
127 128,
128 24,
129 F_KEYED | F_CPROOF | F_DERIVED,
130 SP_HMAC_SHA2_checksum,
131 NULL
132 };
133
134 static krb5_error_code
135 AES_SHA2_PRF(krb5_context context,
136 krb5_crypto crypto,
137 const krb5_data *in,
138 krb5_data *out)
139 {
140 krb5_error_code ret;
141 krb5_data label;
142 const EVP_MD *md = NULL;
143
144 ret = _krb5_aes_sha2_md_for_enctype(context, crypto->et->type, &md);
145 if (ret)
146 return ret;
147
148 label.data = "prf";
149 label.length = 3;
150
151 ret = krb5_data_alloc(out, EVP_MD_size(md));
152 if (ret)
153 return ret;
154
155 ret = _krb5_SP800_108_HMAC_KDF(context, &crypto->key.key->keyvalue,
156 &label, in, md, out);
157
158 if (ret)
159 krb5_data_free(out);
160
161 return ret;
162 }
163
164 struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha256_128 = {
165 ETYPE_AES128_CTS_HMAC_SHA256_128,
166 "aes128-cts-hmac-sha256-128",
167 "aes128-cts-sha256",
168 16,
169 1,
170 16,
171 &keytype_aes128_sha2,
172 NULL, /* should never be called */
173 &_krb5_checksum_hmac_sha256_128_aes128,
174 F_DERIVED | F_ENC_THEN_CKSUM | F_SP800_108_HMAC_KDF,
175 _krb5_evp_encrypt_cts,
176 16,
177 AES_SHA2_PRF
178 };
179
180 struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha384_192 = {
181 ETYPE_AES256_CTS_HMAC_SHA384_192,
182 "aes256-cts-hmac-sha384-192",
183 "aes256-cts-sha384",
184 16,
185 1,
186 16,
187 &keytype_aes256_sha2,
188 NULL, /* should never be called */
189 &_krb5_checksum_hmac_sha384_192_aes256,
190 F_DERIVED | F_ENC_THEN_CKSUM | F_SP800_108_HMAC_KDF,
191 _krb5_evp_encrypt_cts,
192 16,
193 AES_SHA2_PRF
194 };
Heimdal