xref: /freebsd/crypto/heimdal/lib/krb5/crypto-aes.c (revision e4456411a8c2d4a9bfbccd60f2cf914fd402f817) 
1ae771770SStanislav Sedov /*
2ae771770SStanislav Sedov  * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3ae771770SStanislav Sedov  * (Royal Institute of Technology, Stockholm, Sweden).
4ae771770SStanislav Sedov  * All rights reserved.
5ae771770SStanislav Sedov  *
6ae771770SStanislav Sedov  * Redistribution and use in source and binary forms, with or without
7ae771770SStanislav Sedov  * modification, are permitted provided that the following conditions
8ae771770SStanislav Sedov  * are met:
9ae771770SStanislav Sedov  *
10ae771770SStanislav Sedov  * 1. Redistributions of source code must retain the above copyright
11ae771770SStanislav Sedov  *    notice, this list of conditions and the following disclaimer.
12ae771770SStanislav Sedov  *
13ae771770SStanislav Sedov  * 2. Redistributions in binary form must reproduce the above copyright
14ae771770SStanislav Sedov  *    notice, this list of conditions and the following disclaimer in the
15ae771770SStanislav Sedov  *    documentation and/or other materials provided with the distribution.
16ae771770SStanislav Sedov  *
17ae771770SStanislav Sedov  * 3. Neither the name of the Institute nor the names of its contributors
18ae771770SStanislav Sedov  *    may be used to endorse or promote products derived from this software
19ae771770SStanislav Sedov  *    without specific prior written permission.
20ae771770SStanislav Sedov  *
21ae771770SStanislav Sedov  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22ae771770SStanislav Sedov  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23ae771770SStanislav Sedov  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24ae771770SStanislav Sedov  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25ae771770SStanislav Sedov  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26ae771770SStanislav Sedov  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27ae771770SStanislav Sedov  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28ae771770SStanislav Sedov  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29ae771770SStanislav Sedov  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30ae771770SStanislav Sedov  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31ae771770SStanislav Sedov  * SUCH DAMAGE.
32ae771770SStanislav Sedov  */
33ae771770SStanislav Sedov 
34ae771770SStanislav Sedov #include "krb5_locl.h"
35ae771770SStanislav Sedov 
36ae771770SStanislav Sedov /*
37ae771770SStanislav Sedov  * AES
38ae771770SStanislav Sedov  */
39ae771770SStanislav Sedov 
40ae771770SStanislav Sedov static struct _krb5_key_type keytype_aes128 = {
41ae771770SStanislav Sedov     ENCTYPE_AES128_CTS_HMAC_SHA1_96,
42ae771770SStanislav Sedov     "aes-128",
43ae771770SStanislav Sedov     128,
44ae771770SStanislav Sedov     16,
45ae771770SStanislav Sedov     sizeof(struct _krb5_evp_schedule),
46ae771770SStanislav Sedov     NULL,
47ae771770SStanislav Sedov     _krb5_evp_schedule,
48ae771770SStanislav Sedov     _krb5_AES_salt,
49ae771770SStanislav Sedov     NULL,
50ae771770SStanislav Sedov     _krb5_evp_cleanup,
51ae771770SStanislav Sedov     EVP_aes_128_cbc
52ae771770SStanislav Sedov };
53ae771770SStanislav Sedov 
54ae771770SStanislav Sedov static struct _krb5_key_type keytype_aes256 = {
55ae771770SStanislav Sedov     ENCTYPE_AES256_CTS_HMAC_SHA1_96,
56ae771770SStanislav Sedov     "aes-256",
57ae771770SStanislav Sedov     256,
58ae771770SStanislav Sedov     32,
59ae771770SStanislav Sedov     sizeof(struct _krb5_evp_schedule),
60ae771770SStanislav Sedov     NULL,
61ae771770SStanislav Sedov     _krb5_evp_schedule,
62ae771770SStanislav Sedov     _krb5_AES_salt,
63ae771770SStanislav Sedov     NULL,
64ae771770SStanislav Sedov     _krb5_evp_cleanup,
65ae771770SStanislav Sedov     EVP_aes_256_cbc
66ae771770SStanislav Sedov };
67ae771770SStanislav Sedov 
68ae771770SStanislav Sedov struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = {
69ae771770SStanislav Sedov     CKSUMTYPE_HMAC_SHA1_96_AES_128,
70ae771770SStanislav Sedov     "hmac-sha1-96-aes128",
71ae771770SStanislav Sedov     64,
72ae771770SStanislav Sedov     12,
73ae771770SStanislav Sedov     F_KEYED | F_CPROOF | F_DERIVED,
74ae771770SStanislav Sedov     _krb5_SP_HMAC_SHA1_checksum,
75ae771770SStanislav Sedov     NULL
76ae771770SStanislav Sedov };
77ae771770SStanislav Sedov 
78ae771770SStanislav Sedov struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
79ae771770SStanislav Sedov     CKSUMTYPE_HMAC_SHA1_96_AES_256,
80ae771770SStanislav Sedov     "hmac-sha1-96-aes256",
81ae771770SStanislav Sedov     64,
82ae771770SStanislav Sedov     12,
83ae771770SStanislav Sedov     F_KEYED | F_CPROOF | F_DERIVED,
84ae771770SStanislav Sedov     _krb5_SP_HMAC_SHA1_checksum,
85ae771770SStanislav Sedov     NULL
86ae771770SStanislav Sedov };
87ae771770SStanislav Sedov 
88ae771770SStanislav Sedov static krb5_error_code
89ae771770SStanislav Sedov AES_PRF(krb5_context context,
90ae771770SStanislav Sedov 	krb5_crypto crypto,
91ae771770SStanislav Sedov 	const krb5_data *in,
92ae771770SStanislav Sedov 	krb5_data *out)
93ae771770SStanislav Sedov {
94ae771770SStanislav Sedov     struct _krb5_checksum_type *ct = crypto->et->checksum;
95ae771770SStanislav Sedov     krb5_error_code ret;
96ae771770SStanislav Sedov     Checksum result;
97ae771770SStanislav Sedov     krb5_keyblock *derived;
98ae771770SStanislav Sedov 
99ae771770SStanislav Sedov     result.cksumtype = ct->type;
100ae771770SStanislav Sedov     ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
101ae771770SStanislav Sedov     if (ret) {
102ae771770SStanislav Sedov 	krb5_set_error_message(context, ret, N_("malloc: out memory", ""));
103ae771770SStanislav Sedov 	return ret;
104ae771770SStanislav Sedov     }
105ae771770SStanislav Sedov 
106ae771770SStanislav Sedov     ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
107ae771770SStanislav Sedov     if (ret) {
108ae771770SStanislav Sedov 	krb5_data_free(&result.checksum);
109ae771770SStanislav Sedov 	return ret;
110ae771770SStanislav Sedov     }
111ae771770SStanislav Sedov 
112ae771770SStanislav Sedov     if (result.checksum.length < crypto->et->blocksize)
113ae771770SStanislav Sedov 	krb5_abortx(context, "internal prf error");
114ae771770SStanislav Sedov 
115ae771770SStanislav Sedov     derived = NULL;
116ae771770SStanislav Sedov     ret = krb5_derive_key(context, crypto->key.key,
117ae771770SStanislav Sedov 			  crypto->et->type, "prf", 3, &derived);
118ae771770SStanislav Sedov     if (ret)
119ae771770SStanislav Sedov 	krb5_abortx(context, "krb5_derive_key");
120ae771770SStanislav Sedov 
121ae771770SStanislav Sedov     ret = krb5_data_alloc(out, crypto->et->blocksize);
122ae771770SStanislav Sedov     if (ret)
123ae771770SStanislav Sedov 	krb5_abortx(context, "malloc failed");
124ae771770SStanislav Sedov 
125ae771770SStanislav Sedov     {
126ae771770SStanislav Sedov 	const EVP_CIPHER *c = (*crypto->et->keytype->evp)();
127*e4456411SJohn Baldwin 	EVP_CIPHER_CTX *ctx;
128ae771770SStanislav Sedov 
129*e4456411SJohn Baldwin 	ctx = EVP_CIPHER_CTX_new(); /* ivec all zero */
130*e4456411SJohn Baldwin 	if (ctx == NULL)
131*e4456411SJohn Baldwin 	    krb5_abortx(context, "malloc failed");
132*e4456411SJohn Baldwin 	EVP_CipherInit_ex(ctx, c, NULL, derived->keyvalue.data, NULL, 1);
133*e4456411SJohn Baldwin 	EVP_Cipher(ctx, out->data, result.checksum.data,
134ae771770SStanislav Sedov 		   crypto->et->blocksize);
135*e4456411SJohn Baldwin 	EVP_CIPHER_CTX_free(ctx);
136ae771770SStanislav Sedov     }
137ae771770SStanislav Sedov 
138ae771770SStanislav Sedov     krb5_data_free(&result.checksum);
139ae771770SStanislav Sedov     krb5_free_keyblock(context, derived);
140ae771770SStanislav Sedov 
141ae771770SStanislav Sedov     return ret;
142ae771770SStanislav Sedov }
143ae771770SStanislav Sedov 
144ae771770SStanislav Sedov struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
145ae771770SStanislav Sedov     ETYPE_AES128_CTS_HMAC_SHA1_96,
146ae771770SStanislav Sedov     "aes128-cts-hmac-sha1-96",
147ae771770SStanislav Sedov     16,
148ae771770SStanislav Sedov     1,
149ae771770SStanislav Sedov     16,
150ae771770SStanislav Sedov     &keytype_aes128,
151ae771770SStanislav Sedov     &_krb5_checksum_sha1,
152ae771770SStanislav Sedov     &_krb5_checksum_hmac_sha1_aes128,
153ae771770SStanislav Sedov     F_DERIVED,
154ae771770SStanislav Sedov     _krb5_evp_encrypt_cts,
155ae771770SStanislav Sedov     16,
156ae771770SStanislav Sedov     AES_PRF
157ae771770SStanislav Sedov };
158ae771770SStanislav Sedov 
159ae771770SStanislav Sedov struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = {
160ae771770SStanislav Sedov     ETYPE_AES256_CTS_HMAC_SHA1_96,
161ae771770SStanislav Sedov     "aes256-cts-hmac-sha1-96",
162ae771770SStanislav Sedov     16,
163ae771770SStanislav Sedov     1,
164ae771770SStanislav Sedov     16,
165ae771770SStanislav Sedov     &keytype_aes256,
166ae771770SStanislav Sedov     &_krb5_checksum_sha1,
167ae771770SStanislav Sedov     &_krb5_checksum_hmac_sha1_aes256,
168ae771770SStanislav Sedov     F_DERIVED,
169ae771770SStanislav Sedov     _krb5_evp_encrypt_cts,
170ae771770SStanislav Sedov     16,
171ae771770SStanislav Sedov     AES_PRF
172ae771770SStanislav Sedov };
173