1 /* $NetBSD: crypto-aes.c,v 1.1.1.2 2014/04/24 12:45:49 pettai Exp $ */
2
3 /*
4 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "krb5_locl.h"
37
38 /*
39 * AES
40 */
41
/*
 * Key type backing the aes128-cts-hmac-sha1-96 enctype.
 *
 * This is a positional initializer: the value order must match the member
 * order of struct _krb5_key_type, which is declared outside this file.
 * A reordering of that struct would silently rebind these values, so any
 * change there needs a matching change here. The member meanings noted
 * below are inferred from the values -- confirm against the declaration.
 */
static struct _krb5_key_type keytype_aes128 = {
    ENCTYPE_AES128_CTS_HMAC_SHA1_96,    /* enctype identifier */
    "aes-128",                          /* key type name */
    128,                                /* presumably key length in bits */
    16,                                 /* presumably key length in bytes */
    sizeof(struct _krb5_evp_schedule),  /* size of the per-key schedule state */
    NULL,                               /* hook left unset -- TODO confirm which member */
    _krb5_evp_schedule,                 /* presumably builds the EVP key schedule */
    _krb5_AES_salt,                     /* presumably the string-to-key salt table */
    NULL,                               /* hook left unset -- TODO confirm which member */
    _krb5_evp_cleanup,                  /* presumably tears down the EVP key schedule */
    EVP_aes_128_cbc                     /* cipher getter; presumably the `evp` member AES_PRF calls */
};
55
/*
 * Key type backing the aes256-cts-hmac-sha1-96 enctype.
 *
 * This is a positional initializer: the value order must match the member
 * order of struct _krb5_key_type, which is declared outside this file.
 * It differs from keytype_aes128 only in the enctype, name, key sizes and
 * cipher getter. The member meanings noted below are inferred from the
 * values -- confirm against the declaration.
 */
static struct _krb5_key_type keytype_aes256 = {
    ENCTYPE_AES256_CTS_HMAC_SHA1_96,    /* enctype identifier */
    "aes-256",                          /* key type name */
    256,                                /* presumably key length in bits */
    32,                                 /* presumably key length in bytes */
    sizeof(struct _krb5_evp_schedule),  /* size of the per-key schedule state */
    NULL,                               /* hook left unset -- TODO confirm which member */
    _krb5_evp_schedule,                 /* presumably builds the EVP key schedule */
    _krb5_AES_salt,                     /* presumably the string-to-key salt table */
    NULL,                               /* hook left unset -- TODO confirm which member */
    _krb5_evp_cleanup,                  /* presumably tears down the EVP key schedule */
    EVP_aes_256_cbc                     /* cipher getter; presumably the `evp` member AES_PRF calls */
};
69
/*
 * Keyed checksum type paired with the AES-128 enctype.
 *
 * This is a positional initializer: the value order must match the member
 * order of struct _krb5_checksum_type, which is declared outside this
 * file. AES_PRF reads the `type`, `checksumsize` and `checksum` members of
 * this struct type; the other member meanings are inferred -- confirm
 * against the declaration.
 */
struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = {
    CKSUMTYPE_HMAC_SHA1_96_AES_128,     /* checksum type identifier */
    "hmac-sha1-96-aes128",              /* checksum name */
    64,                                 /* presumably the hash block size in bytes */
    12,                                 /* presumably output size: 12 bytes = the 96 bits in the name */
    F_KEYED | F_CPROOF | F_DERIVED,     /* flags; presumably keyed, collision-proof, uses a derived key */
    _krb5_SP_HMAC_SHA1_checksum,        /* function that computes the checksum */
    NULL                                /* no dedicated verify hook -- TODO confirm how verification is done */
};
79
/*
 * Keyed checksum type paired with the AES-256 enctype.
 *
 * This is a positional initializer: the value order must match the member
 * order of struct _krb5_checksum_type, which is declared outside this
 * file. It differs from the AES-128 entry only in the identifier and name:
 * the output is still 12 bytes, so the larger key does not lengthen the
 * integrity tag. Member meanings are inferred -- confirm against the
 * declaration.
 */
struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
    CKSUMTYPE_HMAC_SHA1_96_AES_256,     /* checksum type identifier */
    "hmac-sha1-96-aes256",              /* checksum name */
    64,                                 /* presumably the hash block size in bytes */
    12,                                 /* presumably output size: 12 bytes = the 96 bits in the name */
    F_KEYED | F_CPROOF | F_DERIVED,     /* flags; presumably keyed, collision-proof, uses a derived key */
    _krb5_SP_HMAC_SHA1_checksum,        /* function that computes the checksum */
    NULL                                /* no dedicated verify hook -- TODO confirm how verification is done */
};
89
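/*
 * Pseudo-random function for the AES enctypes defined in this file.
 *
 * Steps, as implemented below:
 *   1. Run the enctype's `checksum` function over `in` with a NULL key.
 *   2. Derive a key from the crypto context's key with the constant "prf".
 *   3. Encrypt the first `blocksize` bytes of the digest with the derived
 *      key, using the key type's EVP cipher and an all-zero IV.
 *
 * context  library context, used for error messages and aborts
 * crypto   crypto context supplying the enctype description and base key
 * in       input octets
 * out      on success, freshly allocated buffer of `blocksize` bytes that
 *          the caller must release; on failure it holds no allocation
 *          made by this function
 *
 * Returns 0 on success or a krb5 error code. A digest shorter than the
 * cipher block size is treated as a broken enctype table and aborts.
 */
static krb5_error_code
AES_PRF(krb5_context context,
        krb5_crypto crypto,
        const krb5_data *in,
        krb5_data *out)
{
    struct _krb5_checksum_type *ct = crypto->et->checksum;
    krb5_error_code ret;
    Checksum result;
    krb5_keyblock *derived = NULL;

    result.cksumtype = ct->type;
    ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
    if (ret) {
        krb5_set_error_message(context, ret, N_("malloc: out memory", ""));
        return ret;
    }

    ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
    if (ret)
        goto cleanup;

    /* The cipher below reads blocksize bytes from the digest buffer. */
    if (result.checksum.length < crypto->et->blocksize)
        krb5_abortx(context, "internal prf error");

    /*
     * Derivation and allocation failures are reported to the caller
     * instead of aborting the process: both can happen at run time
     * (e.g. under memory pressure) and the caller already has to handle
     * a non-zero return from this function.
     */
    ret = krb5_derive_key(context, crypto->key.key,
                          crypto->et->type, "prf", 3, &derived);
    if (ret)
        goto cleanup;

    ret = krb5_data_alloc(out, crypto->et->blocksize);
    if (ret) {
        krb5_set_error_message(context, ret, N_("malloc: out memory", ""));
        goto cleanup;
    }

    {
        const EVP_CIPHER *c = (*crypto->et->keytype->evp)();
        EVP_CIPHER_CTX ctx;
        int ok;

        EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */
        /*
         * Check both EVP calls. If either fails, `out` still holds the
         * uninitialized bytes from krb5_data_alloc(), and returning 0
         * would hand those to the caller as PRF output.
         */
        ok = EVP_CipherInit_ex(&ctx, c, NULL,
                               derived->keyvalue.data, NULL, 1) == 1 &&
             EVP_Cipher(&ctx, out->data, result.checksum.data,
                        crypto->et->blocksize) > 0;
        EVP_CIPHER_CTX_cleanup(&ctx);

        if (!ok) {
            krb5_data_free(out);
            ret = KRB5_CRYPTO_INTERNAL;
            krb5_set_error_message(context, ret,
                                   N_("AES PRF cipher operation failed", ""));
        }
    }

cleanup:
    krb5_data_free(&result.checksum);
    if (derived != NULL)
        krb5_free_keyblock(context, derived);

    return ret;
}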
143
/*
 * Encryption type entry for aes128-cts-hmac-sha1-96.
 *
 * This is a positional initializer: the value order must match the member
 * order of struct _krb5_encryption_type, which is declared outside this
 * file. AES_PRF reads the `type`, `blocksize`, `keytype` and `checksum`
 * members of this struct type; which of the 16s below is `blocksize`, and
 * the other member meanings, are inferred -- confirm against the
 * declaration.
 */
struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
    ETYPE_AES128_CTS_HMAC_SHA1_96,      /* enctype identifier */
    "aes128-cts-hmac-sha1-96",          /* enctype name */
    16,                                 /* presumably cipher block size in bytes */
    1,                                  /* presumably pad size -- TODO confirm */
    16,                                 /* presumably confounder size in bytes */
    &keytype_aes128,                    /* key type defined earlier in this file */
    &_krb5_checksum_sha1,               /* presumably the `checksum` member AES_PRF calls with a NULL key */
    &_krb5_checksum_hmac_sha1_aes128,   /* keyed checksum defined earlier in this file */
    F_DERIVED,                          /* flags; presumably marks use of derived keys */
    _krb5_evp_encrypt_cts,              /* encrypt/decrypt routine */
    16,                                 /* presumably PRF output length in bytes */
    AES_PRF                             /* PRF implementation defined in this file */
};
158
/*
 * Encryption type entry for aes256-cts-hmac-sha1-96.
 *
 * This is a positional initializer: the value order must match the member
 * order of struct _krb5_encryption_type, which is declared outside this
 * file. It differs from the AES-128 entry only in the identifier, name,
 * key type and keyed checksum; the block-related sizes are the same.
 * Member meanings are inferred -- confirm against the declaration.
 */
struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = {
    ETYPE_AES256_CTS_HMAC_SHA1_96,      /* enctype identifier */
    "aes256-cts-hmac-sha1-96",          /* enctype name */
    16,                                 /* presumably cipher block size in bytes */
    1,                                  /* presumably pad size -- TODO confirm */
    16,                                 /* presumably confounder size in bytes */
    &keytype_aes256,                    /* key type defined earlier in this file */
    &_krb5_checksum_sha1,               /* presumably the `checksum` member AES_PRF calls with a NULL key */
    &_krb5_checksum_hmac_sha1_aes256,   /* keyed checksum defined earlier in this file */
    F_DERIVED,                          /* flags; presumably marks use of derived keys */
    _krb5_evp_encrypt_cts,              /* encrypt/decrypt routine */
    16,                                 /* presumably PRF output length in bytes */
    AES_PRF                             /* PRF implementation defined in this file */
};
173