2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
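/**
 * Select the HMAC digest that goes with an AES-SHA2 encryption type.
 *
 * @param context  Kerberos context; the lookup itself does not use it.
 * @param enctype  encryption type to look up.
 * @param md       receives the digest on success and NULL on failure.
 *
 * @return 0 on success, KRB5_PROG_ETYPE_NOSUPP for any enctype other than
 *         the two handled below.
 *
 * NOTE(review): this listing shows only the two case labels and the
 * NOSUPP return. The enctype parameter type and the EVP_sha256() /
 * EVP_sha384() assignments are inferred from the enctype names and from
 * callers passing a `const EVP_MD *` by address; confirm against the tree.
 */
krb5_error_code
_krb5_aes_sha2_md_for_enctype(krb5_context context,
                              krb5_enctype enctype,
                              const EVP_MD **md)
{
    switch (enctype) {
    case ETYPE_AES128_CTS_HMAC_SHA256_128:
        *md = EVP_sha256();
        return 0;
    case ETYPE_AES256_CTS_HMAC_SHA384_192:
        *md = EVP_sha384();
        return 0;
    default:
        /*
         * Do not leave the out-parameter indeterminate: a caller that
         * forgets to check the return value then fails on a NULL digest
         * instead of using whatever happened to be on its stack.
         */
        *md = NULL;
        return KRB5_PROG_ETYPE_NOSUPP;
    }
}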
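/*
 * Keyed checksum for the AES-SHA2 enctypes.
 *
 * Computes an HMAC over data[0..len) with the digest selected by the key's
 * enctype, then copies the leading result->checksum.length bytes of it into
 * result->checksum.data. The function never sets that length or allocates
 * that buffer, so both must be prepared by the caller (presumably from the
 * checksum type's declared size; verify against the caller).
 *
 * Returns 0 on success, the error from _krb5_aes_sha2_md_for_enctype() when
 * the key type is not an AES-SHA2 type, or KRB5_CRYPTO_INTERNAL when the
 * HMAC computation fails.
 *
 * NOTE(review): this listing elides the parameter lines after `key` and
 * the local declarations of ret and md. They are reconstructed here from
 * how the body uses data, len, result, ret and md; confirm against the
 * tree.
 */
static krb5_error_code
SP_HMAC_SHA2_checksum(krb5_context context,
                      struct _krb5_key_data *key,
                      const void *data,
                      size_t len,
                      unsigned usage,
                      Checksum *result)
{
    krb5_error_code ret;
    const EVP_MD *md;
    unsigned char hmac[EVP_MAX_MD_SIZE];
    unsigned int hmaclen = sizeof(hmac);

    ret = _krb5_aes_sha2_md_for_enctype(context, key->key->keytype, &md);
    if (ret)
        return ret;

    /*
     * hmac[] is uninitialised and hmaclen starts at sizeof(hmac). If a
     * failed HMAC() were ignored, the length assertion below would still
     * hold and uninitialised stack bytes would be emitted as the checksum.
     * A NULL return is therefore treated as a hard error.
     */
    if (HMAC(md, key->key->keyvalue.data, key->key->keyvalue.length,
             data, len, hmac, &hmaclen) == NULL)
        return KRB5_CRYPTO_INTERNAL;

    /*
     * This assertion is the only bound on the copy below: the requested
     * (truncated) checksum length must not exceed the digest output.
     */
    heim_assert(result->checksum.length <= hmaclen, "SHA2 internal error");

    memcpy(result->checksum.data, hmac, result->checksum.length);

    return 0;
}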
86 static struct _krb5_key_type keytype_aes128_sha2
= {
87 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128
,
91 sizeof(struct _krb5_evp_schedule
),
100 static struct _krb5_key_type keytype_aes256_sha2
= {
101 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192
,
105 sizeof(struct _krb5_evp_schedule
),
114 struct _krb5_checksum_type _krb5_checksum_hmac_sha256_128_aes128
= {
115 CKSUMTYPE_HMAC_SHA256_128_AES128
,
116 "hmac-sha256-128-aes128",
119 F_KEYED
| F_CPROOF
| F_DERIVED
,
120 SP_HMAC_SHA2_checksum
,
124 struct _krb5_checksum_type _krb5_checksum_hmac_sha384_192_aes256
= {
125 CKSUMTYPE_HMAC_SHA384_192_AES256
,
126 "hmac-sha384-192-aes256",
129 F_KEYED
| F_CPROOF
| F_DERIVED
,
130 SP_HMAC_SHA2_checksum
,
/*
 * Pseudo-random function for the AES-SHA2 enctypes.
 *
 * Looks up the digest for the crypto handle's enctype, sizes `out` to one
 * full digest (EVP_MD_size(md)) and fills it by running
 * _krb5_SP800_108_HMAC_KDF() over `in` with the handle's key.
 *
 * Returns 0 on success, otherwise the first error from the digest lookup,
 * the allocation or the KDF.
 *
 * NOTE(review): this listing elides the parameter lines after `context`,
 * the label setup and the tail of the function. The "prf" label and the
 * krb5_data_free(out) on KDF failure are reconstructed; confirm against
 * the tree.
 */
static krb5_error_code
AES_SHA2_PRF(krb5_context context,
             krb5_crypto crypto,
             const krb5_data *in,
             krb5_data *out)
{
    const EVP_MD *md = NULL;
    krb5_data label;
    krb5_error_code ret;

    ret = _krb5_aes_sha2_md_for_enctype(context, crypto->et->type, &md);
    if (ret != 0)
        return ret;

    /* The PRF output is exactly one digest long. */
    ret = krb5_data_alloc(out, EVP_MD_size(md));
    if (ret != 0)
        return ret;

    label.data = "prf";
    label.length = 3;

    ret = _krb5_SP800_108_HMAC_KDF(context, &crypto->key.key->keyvalue,
                                   &label, in, md, out);

    /* On failure, release the buffer so the caller does not receive it. */
    if (ret != 0)
        krb5_data_free(out);

    return ret;
}
164 struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha256_128
= {
165 ETYPE_AES128_CTS_HMAC_SHA256_128
,
166 "aes128-cts-hmac-sha256-128",
171 &keytype_aes128_sha2
,
172 NULL
, /* should never be called */
173 &_krb5_checksum_hmac_sha256_128_aes128
,
174 F_DERIVED
| F_ENC_THEN_CKSUM
| F_SP800_108_HMAC_KDF
,
175 _krb5_evp_encrypt_cts
,
180 struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha384_192
= {
181 ETYPE_AES256_CTS_HMAC_SHA384_192
,
182 "aes256-cts-hmac-sha384-192",
187 &keytype_aes256_sha2
,
188 NULL
, /* should never be called */
189 &_krb5_checksum_hmac_sha384_192_aes256
,
190 F_DERIVED
| F_ENC_THEN_CKSUM
| F_SP800_108_HMAC_KDF
,
191 _krb5_evp_encrypt_cts
,