LCOV - code coverage report
Current view: top level - third_party/heimdal/lib/krb5 - crypto-aes-sha1.c (source / functions) Hit Total Coverage
Test: coverage report for support-claim-type-attributes 6b5c566e Lines: 30 37 81.1 %
Date: 2023-11-21 12:31:41 Functions: 1 1 100.0 %

          Line data    Source code
       1             : /*
       2             :  * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
       3             :  * (Royal Institute of Technology, Stockholm, Sweden).
       4             :  * All rights reserved.
       5             :  *
       6             :  * Redistribution and use in source and binary forms, with or without
       7             :  * modification, are permitted provided that the following conditions
       8             :  * are met:
       9             :  *
      10             :  * 1. Redistributions of source code must retain the above copyright
      11             :  *    notice, this list of conditions and the following disclaimer.
      12             :  *
      13             :  * 2. Redistributions in binary form must reproduce the above copyright
      14             :  *    notice, this list of conditions and the following disclaimer in the
      15             :  *    documentation and/or other materials provided with the distribution.
      16             :  *
      17             :  * 3. Neither the name of the Institute nor the names of its contributors
      18             :  *    may be used to endorse or promote products derived from this software
      19             :  *    without specific prior written permission.
      20             :  *
      21             :  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
      22             :  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
      23             :  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
      24             :  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
      25             :  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
      26             :  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
      27             :  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
      28             :  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
      29             :  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
      30             :  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
      31             :  * SUCH DAMAGE.
      32             :  */
      33             : 
      34             : #include "krb5_locl.h"
      35             : 
      36             : /*
      37             :  * AES
      38             :  */
      39             : 
      40             : static struct _krb5_key_type keytype_aes128_sha1 = {
      41             :     KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
      42             :     "aes-128",
      43             :     128,
      44             :     16,
      45             :     sizeof(struct _krb5_evp_schedule),
      46             :     NULL,
      47             :     _krb5_evp_schedule,
      48             :     _krb5_AES_SHA1_salt,
      49             :     NULL,
      50             :     _krb5_evp_cleanup,
      51             :     EVP_aes_128_cbc
      52             : };
      53             : 
      54             : static struct _krb5_key_type keytype_aes256_sha1 = {
      55             :     KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
      56             :     "aes-256",
      57             :     256,
      58             :     32,
      59             :     sizeof(struct _krb5_evp_schedule),
      60             :     NULL,
      61             :     _krb5_evp_schedule,
      62             :     _krb5_AES_SHA1_salt,
      63             :     NULL,
      64             :     _krb5_evp_cleanup,
      65             :     EVP_aes_256_cbc
      66             : };
      67             : 
      68             : struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = {
      69             :     CKSUMTYPE_HMAC_SHA1_96_AES_128,
      70             :     "hmac-sha1-96-aes128",
      71             :     64,
      72             :     12,
      73             :     F_KEYED | F_CPROOF | F_DERIVED,
      74             :     _krb5_SP_HMAC_SHA1_checksum,
      75             :     _krb5_SP_HMAC_SHA1_verify
      76             : };
      77             : 
      78             : struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
      79             :     CKSUMTYPE_HMAC_SHA1_96_AES_256,
      80             :     "hmac-sha1-96-aes256",
      81             :     64,
      82             :     12,
      83             :     F_KEYED | F_CPROOF | F_DERIVED,
      84             :     _krb5_SP_HMAC_SHA1_checksum,
      85             :     _krb5_SP_HMAC_SHA1_verify
      86             : };
      87             : 
      88             : static krb5_error_code
      89      681424 : AES_SHA1_PRF(krb5_context context,
      90             :              krb5_crypto crypto,
      91             :              const krb5_data *in,
      92             :              krb5_data *out)
      93             : {
      94      681424 :     struct _krb5_checksum_type *ct = crypto->et->checksum;
      95       26528 :     struct krb5_crypto_iov iov[1];
      96       26528 :     krb5_error_code ret;
      97       26528 :     Checksum result;
      98       26528 :     krb5_keyblock *derived;
      99             : 
     100      681424 :     result.cksumtype = ct->type;
     101      681424 :     ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
     102      681424 :     if (ret) {
     103           0 :         krb5_set_error_message(context, ret, N_("malloc: out memory", ""));
     104           0 :         return ret;
     105             :     }
     106             : 
     107      681424 :     iov[0].data = *in;
     108      681424 :     iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
     109      681424 :     ret = (*ct->checksum)(context, crypto, NULL, 0, iov, 1, &result);
     110      681424 :     if (ret) {
     111           0 :         krb5_data_free(&result.checksum);
     112           0 :         return ret;
     113             :     }
     114             : 
     115      681424 :     if (result.checksum.length < crypto->et->blocksize)
     116           0 :         krb5_abortx(context, "internal prf error");
     117             : 
     118      681424 :     derived = NULL;
     119      681424 :     ret = krb5_derive_key(context, crypto->key.key,
     120      654896 :                           crypto->et->type, "prf", 3, &derived);
     121      681424 :     if (ret)
     122           0 :         krb5_abortx(context, "krb5_derive_key");
     123             : 
     124      681424 :     ret = krb5_data_alloc(out, crypto->et->blocksize);
     125      681424 :     if (ret)
     126           0 :         krb5_abortx(context, "malloc failed");
     127             : 
     128             :     {
     129      681424 :         const EVP_CIPHER *c = (*crypto->et->keytype->evp)();
     130       26528 :         EVP_CIPHER_CTX ctx;
     131             : 
     132      681424 :         EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */
     133      681424 :         EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1);
     134      681424 :         EVP_Cipher(&ctx, out->data, result.checksum.data,
     135      681424 :                    crypto->et->blocksize);
     136      681424 :         EVP_CIPHER_CTX_cleanup(&ctx);
     137             :     }
     138             : 
     139      681424 :     krb5_data_free(&result.checksum);
     140      681424 :     krb5_free_keyblock(context, derived);
     141             : 
     142      681424 :     return ret;
     143             : }
     144             : 
     145             : struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
     146             :     ETYPE_AES128_CTS_HMAC_SHA1_96,
     147             :     "aes128-cts-hmac-sha1-96",
     148             :     "aes128-cts",
     149             :     16,
     150             :     1,
     151             :     16,
     152             :     &keytype_aes128_sha1,
     153             :     &_krb5_checksum_sha1,
     154             :     &_krb5_checksum_hmac_sha1_aes128,
     155             :     F_DERIVED | F_RFC3961_ENC | F_RFC3961_KDF,
     156             :     _krb5_evp_encrypt_cts,
     157             :     _krb5_evp_encrypt_iov_cts,
     158             :     16,
     159             :     AES_SHA1_PRF
     160             : };
     161             : 
     162             : struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = {
     163             :     ETYPE_AES256_CTS_HMAC_SHA1_96,
     164             :     "aes256-cts-hmac-sha1-96",
     165             :     "aes256-cts",
     166             :     16,
     167             :     1,
     168             :     16,
     169             :     &keytype_aes256_sha1,
     170             :     &_krb5_checksum_sha1,
     171             :     &_krb5_checksum_hmac_sha1_aes256,
     172             :     F_DERIVED | F_RFC3961_ENC | F_RFC3961_KDF,
     173             :     _krb5_evp_encrypt_cts,
     174             :     _krb5_evp_encrypt_iov_cts,
     175             :     16,
     176             :     AES_SHA1_PRF
     177             : };

Generated by: LCOV version 1.14