1/*
2 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3 * Use is subject to license terms.
4 */
5
6
7/*
8 * Copyright (C) 1998 by the FundsXpress, INC.
9 *
10 * All rights reserved.
11 *
12 * Export of this software from the United States of America may require
13 * a specific license from the United States Government.  It is the
14 * responsibility of any person or organization contemplating export to
15 * obtain such a license before exporting.
16 *
17 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
18 * distribute this software and its documentation for any purpose and
19 * without fee is hereby granted, provided that the above copyright
20 * notice appear in all copies and that both that copyright notice and
21 * this permission notice appear in supporting documentation, and that
22 * the name of FundsXpress. not be used in advertising or publicity pertaining
23 * to distribution of the software without specific, written prior
24 * permission.  FundsXpress makes no representations about the suitability of
25 * this software for any purpose.  It is provided "as is" without express
26 * or implied warranty.
27 *
28 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
29 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
30 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
31 */
32
33#include "k5-int.h"
34
35/* Solaris Kerberos */
36#ifdef _KERNEL
37/*
38 * In kernel, use the Kernel encryption framework HMAC
39 * operation, its far more efficient than the MIT method.
40 * Also, a template is used to further improve performance.
41 */
42/* ARGSUSED */
43krb5_error_code
44krb5_hmac(krb5_context context, const krb5_keyblock *key,
45	krb5_const krb5_data *input, krb5_data *output)
46{
47	int rv = CRYPTO_FAILED;
48        crypto_mechanism_t mac_mech;
49	crypto_data_t dd;
50	crypto_data_t mac;
51
52	KRB5_LOG0(KRB5_INFO, "krb5_hmac() start");
53	if (output == NULL || output->data == NULL) {
54		KRB5_LOG0(KRB5_INFO, "krb5_hmac() NULL output");
55		return (rv);
56	}
57	if (input == NULL || input->data == NULL) {
58		KRB5_LOG0(KRB5_INFO, "krb5_hmac() NULL input");
59		return (rv);
60	}
61
62	dd.cd_format = CRYPTO_DATA_RAW;
63	dd.cd_offset = 0;
64	dd.cd_length = input->length;
65	dd.cd_raw.iov_base = (char *)input->data;
66	dd.cd_raw.iov_len = input->length;
67
68	mac.cd_format = CRYPTO_DATA_RAW;
69	mac.cd_offset = 0;
70	mac.cd_length = output->length;
71	mac.cd_raw.iov_base = (char *)output->data;
72	mac.cd_raw.iov_len = output->length;
73
74	mac_mech.cm_type = context->kef_hash_mt;
75	mac_mech.cm_param = NULL;
76	mac_mech.cm_param_len = 0;
77
78	rv = crypto_mac(&mac_mech, &dd,
79			(crypto_key_t *)&key->kef_key,
80			key->key_tmpl, &mac, NULL);
81
82	if (rv != CRYPTO_SUCCESS) {
83		KRB5_LOG(KRB5_ERR,"crypto_mac error: %0x", rv);
84	}
85
86	KRB5_LOG(KRB5_INFO, "krb5_hmac() end ret=%d\n", rv);
87	return(rv);
88}
89
90#else
91/* Userland implementation of HMAC algorithm */
92
93/*
94 * the HMAC transform looks like:
95 *
96 * H(K XOR opad, H(K XOR ipad, text))
97 *
98 * where H is a cryptographic hash
99 * K is an n byte key
100 * ipad is the byte 0x36 repeated blocksize times
101 * opad is the byte 0x5c repeated blocksize times
102 * and text is the data being protected
103 */
104
105krb5_error_code
106krb5_hmac(krb5_context context,
107	krb5_const struct krb5_hash_provider *hash,
108	krb5_const krb5_keyblock *key,
109	krb5_const unsigned int icount,
110	krb5_const krb5_data *input,
111	krb5_data *output)
112{
113    size_t hashsize, blocksize;
114    unsigned char *xorkey, *ihash;
115    int i;
116    krb5_data *hashin, hashout;
117    krb5_error_code ret;
118
119    /* Solaris Kerberos */
120    KRB5_LOG0(KRB5_INFO, "krb5_hmac() start\n");
121
122    if (hash == NULL) {
123	KRB5_LOG0(KRB5_ERR, "krb5_hmac() error hash == NULL\n");
124	return(EINVAL);
125    }
126    if (key == NULL) {
127	KRB5_LOG0(KRB5_ERR, "krb5_hmac() error key == NULL\n");
128	return(EINVAL);
129    }
130    if (input == NULL) {
131	KRB5_LOG0(KRB5_ERR, "krb5_hmac() error input == NULL\n");
132	return(EINVAL);
133    }
134    if (output == NULL) {
135	KRB5_LOG0(KRB5_ERR, "krb5_hmac() error output == NULL\n");
136	return(EINVAL);
137    }
138
139    hashsize = hash->hashsize;
140    blocksize = hash->blocksize;
141
142    if (key->length > blocksize)
143	return(KRB5_CRYPTO_INTERNAL);
144    if (output->length < hashsize)
145	return(KRB5_BAD_MSIZE);
146    /* if this isn't > 0, then there won't be enough space in this
147       array to compute the outer hash */
148    if (icount == 0)
149	return(KRB5_CRYPTO_INTERNAL);
150
151    /* allocate space for the xor key, hash input vector, and inner hash */
152
153    if ((xorkey = (unsigned char *) MALLOC(blocksize)) == NULL)
154	return(ENOMEM);
155    if ((ihash = (unsigned char *) MALLOC(hashsize)) == NULL) {
156	FREE(xorkey, blocksize);
157	return(ENOMEM);
158    }
159    if ((hashin = (krb5_data *)MALLOC(sizeof(krb5_data)*(icount+1))) == NULL) {
160	FREE(ihash, hashsize);
161	FREE(xorkey, blocksize);
162	return(ENOMEM);
163    }
164
165    /* create the inner padded key */
166
167    /* Solaris Kerberos */
168    (void) memset(xorkey, 0x36, blocksize);
169
170    for (i=0; i<key->length; i++)
171	xorkey[i] ^= key->contents[i];
172
173    /* compute the inner hash */
174
175    for (i=0; i<icount; i++) {
176	hashin[0].length = blocksize;
177	hashin[0].data = (char *) xorkey;
178	hashin[i+1] = input[i];
179    }
180
181    hashout.length = hashsize;
182    hashout.data = (char *) ihash;
183
184    /* Solaris Kerberos */
185    if ((ret = ((*(hash->hash))(context, icount+1, hashin, &hashout))))
186	goto cleanup;
187
188    /* create the outer padded key */
189
190    /* Solaris Kerberos */
191    (void) memset(xorkey, 0x5c, blocksize);
192
193    for (i=0; i<key->length; i++)
194	xorkey[i] ^= key->contents[i];
195
196    /* compute the outer hash */
197
198    hashin[0].length = blocksize;
199    hashin[0].data = (char *) xorkey;
200    hashin[1] = hashout;
201
202    output->length = hashsize;
203
204    /* Solaris Kerberos */
205    if ((ret = ((*(hash->hash))(context, 2, hashin, output))))
206	(void) memset(output->data, 0, output->length);
207
208    /* ret is set correctly by the prior call */
209
210cleanup:
211    /* Solaris Kerberos */
212    (void) memset(xorkey, 0, blocksize);
213    (void) memset(ihash, 0, hashsize);
214
215    FREE(hashin, sizeof(krb5_data)*(icount+1));
216    FREE(ihash, hashsize);
217    FREE(xorkey, blocksize);
218
219    /* Solaris Kerberos */
220    KRB5_LOG(KRB5_INFO, "krb5_hmac() end ret=%d\n", ret);
221    return(ret);
222}
223#endif /* _KERNEL */
224