/*	$NetBSD: crypto-aes-sha1.c,v 1.5 2023/06/19 21:41:44 christos Exp $	*/

/*
 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "krb5_locl.h"

/*
 * AES
 */

/*
 * Key-type descriptor for the AES-128 key of aes128-cts-hmac-sha1-96.
 *
 * The initializer is positional, so its meaning depends on the member order
 * of struct _krb5_key_type, which is declared outside this file.  The
 * per-field notes are read off the values and should be confirmed against
 * that declaration before any member is added or reordered.
 */
static struct _krb5_key_type keytype_aes128_sha1 = {
    KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,	/* enctype identifier */
    "aes-128",					/* key type name */
    128,					/* presumably key length in bits */
    16,						/* presumably key length in bytes */
    sizeof(struct _krb5_evp_schedule),		/* size of the per-key EVP state */
    NULL,
    _krb5_evp_schedule,
    _krb5_AES_SHA1_salt,
    NULL,
    _krb5_evp_cleanup,
    /*
     * Raw block cipher; AES_SHA1_PRF fetches it through keytype->evp.
     * NOTE(review): this is CBC, the CTS handling presumably lives in
     * _krb5_evp_encrypt_cts named by the encryption-type tables -- confirm.
     */
    EVP_aes_128_cbc
};
/*
 * Key-type descriptor for the AES-256 key of aes256-cts-hmac-sha1-96.
 *
 * Positional initializer: the meaning of each slot depends on the member
 * order of struct _krb5_key_type (declared outside this file).  The notes
 * below are read off the values -- confirm against that declaration.
 */
static struct _krb5_key_type keytype_aes256_sha1 = {
    KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,	/* enctype identifier */
    "aes-256",					/* key type name */
    256,					/* presumably key length in bits */
    32,						/* presumably key length in bytes */
    sizeof(struct _krb5_evp_schedule),		/* size of the per-key EVP state */
    NULL,
    _krb5_evp_schedule,
    _krb5_AES_SHA1_salt,
    NULL,
    _krb5_evp_cleanup,
    /* Raw block cipher; AES_SHA1_PRF fetches it through keytype->evp. */
    EVP_aes_256_cbc
};
/*
 * Keyed checksum descriptor "hmac-sha1-96-aes128"; referenced by the
 * aes128-cts-hmac-sha1-96 encryption-type table later in this file.
 *
 * Positional initializer: slot meanings depend on struct
 * _krb5_checksum_type, which is declared elsewhere -- the notes below are
 * inferred from the values and should be confirmed there.
 */
struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = {
    CKSUMTYPE_HMAC_SHA1_96_AES_128,	/* checksum type identifier */
    "hmac-sha1-96-aes128",		/* name */
    64,					/* presumably hash block size in bytes */
    12,					/* 12 bytes = the 96 bits in the name; presumably the truncated MAC length */
    F_KEYED | F_CPROOF | F_DERIVED,	/* flags; definitions are outside this file */
    _krb5_SP_HMAC_SHA1_checksum,	/* function that computes the checksum */
    NULL
};
/*
 * Keyed checksum descriptor "hmac-sha1-96-aes256"; referenced by the
 * aes256-cts-hmac-sha1-96 encryption-type table later in this file.
 *
 * Positional initializer: slot meanings depend on struct
 * _krb5_checksum_type (declared elsewhere) -- confirm the notes below there.
 */
struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
    CKSUMTYPE_HMAC_SHA1_96_AES_256,	/* checksum type identifier */
    "hmac-sha1-96-aes256",		/* name */
    64,					/* presumably hash block size in bytes */
    12,					/* 12 bytes = the 96 bits in the name; presumably the truncated MAC length */
    F_KEYED | F_CPROOF | F_DERIVED,	/* flags; definitions are outside this file */
    _krb5_SP_HMAC_SHA1_checksum,	/* function that computes the checksum */
    NULL
};
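/*
 * Pseudo-random function for the AES-CTS-HMAC-SHA1-96 encryption types.
 *
 * Steps, as coded below:
 *   1. hash `in` with the enctype's checksum (crypto->et->checksum, called
 *      with a NULL key);
 *   2. derive a key from crypto->key.key using the 3-byte constant "prf";
 *   3. encrypt the first crypto->et->blocksize bytes of the hash with the
 *      key type's EVP cipher and an all-zero IV into a newly allocated
 *      `out`.
 *
 * Returns 0 with `out` holding blocksize bytes, or an error code with `out`
 * released.  A hash shorter than one block, a key-derivation failure and a
 * failure to allocate `out` abort the process through krb5_abortx().
 */
static krb5_error_code
AES_SHA1_PRF(krb5_context context,
             krb5_crypto crypto,
             const krb5_data *in,
             krb5_data *out)
{
    struct _krb5_checksum_type *ct = crypto->et->checksum;
    krb5_error_code ret;
    Checksum result;
    krb5_keyblock *derived;

    result.cksumtype = ct->type;
    ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
    if (ret) {
        krb5_set_error_message(context, ret, N_("malloc: out memory", ""));
        return ret;
    }

    ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
    if (ret) {
        krb5_data_free(&result.checksum);
        return ret;
    }

    /* The cipher below reads blocksize bytes from the hash buffer. */
    if (result.checksum.length < crypto->et->blocksize)
        krb5_abortx(context, "internal prf error");

    derived = NULL;
    ret = krb5_derive_key(context, crypto->key.key,
                          crypto->et->type, "prf", 3, &derived);
    if (ret)
        krb5_abortx(context, "krb5_derive_key");

    ret = krb5_data_alloc(out, crypto->et->blocksize);
    if (ret)
        krb5_abortx(context, "malloc failed");

    {
        const EVP_CIPHER *c = (*crypto->et->keytype->evp)();
        EVP_CIPHER_CTX *ctx;
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
        EVP_CIPHER_CTX ctxst;
        ctx = &ctxst;
        EVP_CIPHER_CTX_init(ctx); /* ivec all zero */
#else
        ctx = EVP_CIPHER_CTX_new(); /* ivec all zero */
#endif
        if (ctx == NULL) {
            /* Only reachable on the EVP_CIPHER_CTX_new() path. */
            ret = ENOMEM;
            krb5_set_error_message(context, ret,
                                   N_("malloc: out memory", ""));
        } else if (EVP_CipherInit_ex(ctx, c, NULL, derived->keyvalue.data,
                                     NULL, 1) != 1) {
            /*
             * EVP_CipherInit_ex() returns 1 on success.  Any other value
             * must fail the PRF: returning 0 here would hand back `out`
             * with its bytes never written, and the caller would use that
             * as PRF output.
             */
            ret = EINVAL;
            krb5_set_error_message(context, ret, "Cannot initialize cipher");
        } else {
            /*
             * NOTE(review): the return value of EVP_Cipher() is still not
             * checked -- confirm its contract for this cipher and fail the
             * PRF on error.
             */
            EVP_Cipher(ctx, out->data, result.checksum.data,
                       crypto->et->blocksize);
        }
        if (ctx != NULL) {
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
            EVP_CIPHER_CTX_cleanup(ctx);
#else
            EVP_CIPHER_CTX_free(ctx);
#endif
        }
    }

    /* Never leave an allocated but unfilled buffer behind on failure. */
    if (ret)
        krb5_data_free(out);

    krb5_data_free(&result.checksum);
    krb5_free_keyblock(context, derived);

    return ret;
}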
/*
 * Encryption-type table entry for aes128-cts-hmac-sha1-96.
 *
 * Positional initializer: slot meanings depend on struct
 * _krb5_encryption_type, which is declared outside this file.  AES_SHA1_PRF
 * reads the type, blocksize, keytype and checksum members of this
 * structure; which numeric slot is which is not visible here, so the size
 * notes below are hedged.
 */
struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
    ETYPE_AES128_CTS_HMAC_SHA1_96,	/* enctype identifier */
    "aes128-cts-hmac-sha1-96",		/* name */
    "aes128-cts",			/* second, shorter name; presumably an alias -- confirm */
    16,					/* sizes in bytes; presumably block size, */
    1,					/*   padding granularity and */
    16,					/*   confounder length -- confirm order */
    &keytype_aes128_sha1,		/* key type descriptor defined above */
    /*
     * Presumably the unkeyed hash: AES_SHA1_PRF calls et->checksum with a
     * NULL key -- confirm that this slot is the `checksum` member.
     */
    &_krb5_checksum_sha1,
    &_krb5_checksum_hmac_sha1_aes128,	/* keyed (HMAC) checksum defined above */
    F_DERIVED | F_RFC3961_ENC | F_RFC3961_KDF,	/* flags; definitions are outside this file */
    _krb5_evp_encrypt_cts,		/* encryption routine */
    16,					/* presumably PRF output length in bytes -- confirm */
    AES_SHA1_PRF			/* PRF defined in this file */
};
/*
 * Encryption-type table entry for aes256-cts-hmac-sha1-96.
 *
 * Positional initializer: slot meanings depend on struct
 * _krb5_encryption_type (declared outside this file).  The three leading
 * sizes and the trailing 16 are the same as in the AES-128 entry; only the
 * identifier, the names, the key type and the keyed checksum differ.
 */
struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = {
    ETYPE_AES256_CTS_HMAC_SHA1_96,	/* enctype identifier */
    "aes256-cts-hmac-sha1-96",		/* name */
    "aes256-cts",			/* second, shorter name; presumably an alias -- confirm */
    16,					/* sizes in bytes; presumably block size, */
    1,					/*   padding granularity and */
    16,					/*   confounder length -- confirm order */
    &keytype_aes256_sha1,		/* key type descriptor defined above */
    /*
     * Presumably the unkeyed hash: AES_SHA1_PRF calls et->checksum with a
     * NULL key -- confirm that this slot is the `checksum` member.
     */
    &_krb5_checksum_sha1,
    &_krb5_checksum_hmac_sha1_aes256,	/* keyed (HMAC) checksum defined above */
    F_DERIVED | F_RFC3961_ENC | F_RFC3961_KDF,	/* flags; definitions are outside this file */
    _krb5_evp_encrypt_cts,		/* encryption routine */
    16,					/* presumably PRF output length in bytes -- confirm */
    AES_SHA1_PRF			/* PRF defined in this file */
};