17c478bd9Sstevel@tonic-gate /* 2*159d09a2SMark Phalan * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 37c478bd9Sstevel@tonic-gate * Use is subject to license terms. 47c478bd9Sstevel@tonic-gate */ 57c478bd9Sstevel@tonic-gate 67c478bd9Sstevel@tonic-gate 77c478bd9Sstevel@tonic-gate /* 87c478bd9Sstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC. 97c478bd9Sstevel@tonic-gate * 107c478bd9Sstevel@tonic-gate * All rights reserved. 117c478bd9Sstevel@tonic-gate * 127c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may require 137c478bd9Sstevel@tonic-gate * a specific license from the United States Government. It is the 147c478bd9Sstevel@tonic-gate * responsibility of any person or organization contemplating export to 157c478bd9Sstevel@tonic-gate * obtain such a license before exporting. 167c478bd9Sstevel@tonic-gate * 177c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 187c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and 197c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright 207c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and 217c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that 227c478bd9Sstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining 237c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior 247c478bd9Sstevel@tonic-gate * permission. FundsXpress makes no representations about the suitability of 257c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express 267c478bd9Sstevel@tonic-gate * or implied warranty. 277c478bd9Sstevel@tonic-gate * 287c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 297c478bd9Sstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 307c478bd9Sstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 317c478bd9Sstevel@tonic-gate */ 327c478bd9Sstevel@tonic-gate 33*159d09a2SMark Phalan #include "k5-int.h" 34*159d09a2SMark Phalan #include "cksumtypes.h" 357c478bd9Sstevel@tonic-gate 36505d05c7Sgtb krb5_error_code KRB5_CALLCONV 37505d05c7Sgtb krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, 38505d05c7Sgtb krb5_keyusage usage, const krb5_data *data, 39505d05c7Sgtb const krb5_checksum *cksum, krb5_boolean *valid) 407c478bd9Sstevel@tonic-gate { 417c478bd9Sstevel@tonic-gate int i; 427c478bd9Sstevel@tonic-gate size_t hashsize; 437c478bd9Sstevel@tonic-gate krb5_error_code ret; 447c478bd9Sstevel@tonic-gate krb5_data indata; 457c478bd9Sstevel@tonic-gate krb5_checksum computed; 467c478bd9Sstevel@tonic-gate 477c478bd9Sstevel@tonic-gate for (i=0; i<krb5_cksumtypes_length; i++) { 487c478bd9Sstevel@tonic-gate if (krb5_cksumtypes_list[i].ctype == cksum->checksum_type) 497c478bd9Sstevel@tonic-gate break; 507c478bd9Sstevel@tonic-gate } 517c478bd9Sstevel@tonic-gate 527c478bd9Sstevel@tonic-gate if (i == krb5_cksumtypes_length) 537c478bd9Sstevel@tonic-gate return(KRB5_BAD_ENCTYPE); 547c478bd9Sstevel@tonic-gate 557c478bd9Sstevel@tonic-gate /* if there's actually a verify function, call it */ 567c478bd9Sstevel@tonic-gate 577c478bd9Sstevel@tonic-gate indata.length = cksum->length; 587c478bd9Sstevel@tonic-gate indata.data = (char *) cksum->contents; 597c478bd9Sstevel@tonic-gate *valid = 0; 607c478bd9Sstevel@tonic-gate 617c478bd9Sstevel@tonic-gate if (krb5_cksumtypes_list[i].keyhash && 627c478bd9Sstevel@tonic-gate krb5_cksumtypes_list[i].keyhash->verify) 637c478bd9Sstevel@tonic-gate return((*(krb5_cksumtypes_list[i].keyhash->verify))( 647c478bd9Sstevel@tonic-gate context, key, usage, 0, data, &indata, valid)); 657c478bd9Sstevel@tonic-gate 667c478bd9Sstevel@tonic-gate /* otherwise, make the checksum again, and compare */ 677c478bd9Sstevel@tonic-gate 687c478bd9Sstevel@tonic-gate if ((ret = krb5_c_checksum_length(context, cksum->checksum_type, &hashsize))) 697c478bd9Sstevel@tonic-gate return(ret); 707c478bd9Sstevel@tonic-gate 717c478bd9Sstevel@tonic-gate if (cksum->length != hashsize) 727c478bd9Sstevel@tonic-gate return(KRB5_BAD_MSIZE); 737c478bd9Sstevel@tonic-gate 747c478bd9Sstevel@tonic-gate computed.length = hashsize; 757c478bd9Sstevel@tonic-gate 767c478bd9Sstevel@tonic-gate if ((ret = krb5_c_make_checksum(context, cksum->checksum_type, key, usage, 777c478bd9Sstevel@tonic-gate data, &computed))) { 787c478bd9Sstevel@tonic-gate FREE(computed.contents, computed.length); 797c478bd9Sstevel@tonic-gate return(ret); 807c478bd9Sstevel@tonic-gate } 817c478bd9Sstevel@tonic-gate 827c478bd9Sstevel@tonic-gate *valid = (memcmp(computed.contents, cksum->contents, hashsize) == 0); 837c478bd9Sstevel@tonic-gate 847c478bd9Sstevel@tonic-gate FREE(computed.contents, computed.length); 857c478bd9Sstevel@tonic-gate 867c478bd9Sstevel@tonic-gate return(0); 877c478bd9Sstevel@tonic-gate } 88