KMSAgentChallenge.cpp revision 4f14b0f29aa144cc03efdde5508ae126ae197acf
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
/**
* \file KMSAgentChallenge.cpp
*/
#include "KMSAgentChallenge.h"
#include "KMSAgentCryptoUtilities.h"
#include "KMSAgentStringUtilities.h"
#include "ApplianceParameters.h"
#include "SYSCommon.h"
char* msg2);
#ifdef METAWARE
#include "debug.h"
#endif
/**
* ComputeChallengeResponse
*/
bool ComputeChallengeResponse(
const unsigned char* i_pAuthenticationSecret,
const unsigned char* i_pRootCACertificate,
const unsigned char* i_pAuthenticationChallenge,
unsigned char* o_pAuthenticationChallengeResponse,
// NOTE(review): this listing is missing lines here -- the remaining
// parameters (the i_i*Length arguments referenced below) and the closing
// ')' of the parameter list were dropped by extraction. The comments in
// this function describe only what is visible.
{
// Purpose: derive the response to an authentication challenge from the
// shared authentication secret. Returns the result of HMACBuffers (false
// on failure); the response is written through
// o_pAuthenticationChallengeResponse.
bool rc;
// NOTE(review): empty DEBUG block -- its contents are missing from this
// listing.
#ifdef DEBUG
#endif
// challenge response is HMAC-SHA1( RootCACertificate ||
// AuthenticationChallenge, AuthenticationSecret )
// Two input buffers are handed to HMACBuffers: the CA certificate first,
// then the challenge. The order is part of the computation the peer must
// reproduce, so it must not be changed unilaterally.
const unsigned char* aBuffersToHMAC[2];
int aBuffersToHMACSize[2];
// NOTE(review): the lines that fill aBuffersToHMAC/aBuffersToHMACSize and
// the remaining HMACBuffers arguments are not in this listing.
rc = HMACBuffers(
2,
// NOTE(review): each hex-dump block below ends in an #endif whose opening
// #ifdef was dropped from the listing; presumably they are DEBUG-only.
// The first dump iterates over the authentication secret's length, so it
// appears to print the shared secret in hex (the argument line is
// missing) -- confirm these blocks are compiled out of production builds
// and that the debug sink is never a persisted log.
int j=0;
"length=%x\n",
for (int i=0 ; i< i_iAuthenticationSecretLength; i++)
{
"%x",
}
#endif
// Hex dump of the root CA certificate (not secret, but same #ifdef caveat).
j=0;
"length=%x\n",
for (i=0 ; i< i_iRootCACertificateLength; i++)
{
"%x",
i_pRootCACertificate[i]);
}
#endif
// Hex dump of the challenge.
j=0;
"length=%x\n",
for (i=0 ; i< i_iAuthenticationChallengeLength; i++)
{
"%x",
}
#endif
// Hex dump of the computed response. The response is derived from the
// secret, so treat it with the same care as the secret dump above.
j=0;
"length=%x\n",
for (i=0 ; i< i_iAuthenticationChallengeResponseLength; i++)
{
"%x",
}
#endif
// rc is the HMACBuffers result; nothing between the call and here
// changes it.
return rc;
}
/**
* ComputeEntityHashedPassphraseAndAuthenticationSecret
*/
// NOTE(review): the return type and function name line (and possibly
// leading parameters) of this definition are missing from the listing; the
// doc comment above identifies it as
// ComputeEntityHashedPassphraseAndAuthenticationSecret.
const char* i_sPassphrase,
char* const o_sHexHashedPassphrase,
int* const o_piAuthenticationHashIterationCount,
char* const o_sHexAuthenticationSecret )
{
// Purpose (from the comments in the body): derive two values from a
// passphrase -- a hex-encoded hashed passphrase, used to wrap entity
// private key material, and a hex-encoded authentication secret produced
// by iterating the hash. The iteration count is chosen at run time and,
// judging by the o_ prefix, presumably reported through
// o_piAuthenticationHashIterationCount. Returns false if any HashBuffer
// call fails, true otherwise.
// NOTE(review): several lines of this function are missing from the
// listing (call arguments, loop bounds, and the #ifdef matching each
// #endif); NOTE(review) comments mark what cannot be confirmed.
// HashedPassphrase is SHA1( Passphrase-UTF-8 )
// Using UTF-8 ensures the same result on different platforms with
// different wide character representations.
// This hashed passphrase value is used to wrap entity
// private key materials.
// DEBUG-only entry trace (its #ifdef is missing here).
Log2 ("KMSAgent_LoadProfile::ComputeEntityHashedPassphraseAndAuthenticationSecret",
"Entered");
#endif
unsigned char aHashedPassphrase[HASH_LENGTH];
// NOTE(review): when i_sPassphrase is empty the hash step is skipped and
// nothing visible here initializes aHashedPassphrase in that case --
// confirm the dropped lines zero it before it is hex-encoded and iterated
// below.
if ( strlen(i_sPassphrase) > 0 )
{
if ( !HashBuffer(
(unsigned char*)i_sPassphrase,
{
return false;
}
}
// NOTE(review): tail of a call whose other lines are missing; presumably
// the hex encoding of aHashedPassphrase into o_sHexHashedPassphrase.
HASH_LENGTH );
// HexAuthenticationSecret is SHA1( SHA1( ... ( SHA1(
// HashedPassphrase ) ) ) The number of iterations is time bounded
// at 1/10 of a second, and also bounded by fixed minimum and
// maximum values (to prevent too weak of a computation and to
// prevent a DoS, respectively). This value is used as the shared
// secret in challenge-response authentication exchanges.
// NOTE(review): per the description above this is an unsalted iterated
// SHA-1 (no salt appears in the visible code either), and the resulting
// iteration count depends on the speed of the machine running it. Both
// are legacy properties; a standard password-based KDF would be the
// modern replacement, but that is a protocol-level change affecting every
// peer that verifies these secrets.
unsigned long iStartTickCount = K_GetTickCount();
// Loop condition (partially visible): keep hashing while the count is
// below the minimum, or while the time budget since iStartTickCount has
// not elapsed. The maximum bound described above is not visible here.
// NOTE(review): "iStartTickCount + <budget> > K_GetTickCount()" misjudges
// elapsed time if the tick counter wraps during the loop -- confirm
// K_GetTickCount's width and wrap behaviour.
while ( *o_piAuthenticationHashIterationCount <
|| iStartTickCount +
K_GetTickCount() ) )
{
// Each pass re-hashes the previous hash; arguments are missing from the
// listing.
if ( !HashBuffer(
{
return false;
}
}
// NOTE(review): DEBUG-only log (its #ifdef is missing here) that formats
// aHashedPassphrase with %s. If the argument is the raw HASH_LENGTH-byte
// array it is neither NUL-terminated nor printable, and it is secret
// material -- confirm this block never reaches a production build.
"o_sHexAuthenticationSecret=%x o_piAuth..."
"= %x aHashedPassphrase=%s\n",
Log2("ComputeEntityHashedPassphraseAndAuthenticationSecret ",
outmsg);
#endif
return true;
}
/**
* ComputeFixedEntityHashedPassphraseAndAuthenticationSecret
*/
// NOTE(review): the return type and function name line of this definition,
// and the i_iAuthenticationHashIterationCount parameter used below, are
// missing from the listing; the doc comment above identifies it as
// ComputeFixedEntityHashedPassphraseAndAuthenticationSecret.
const char* i_sPassphrase,
char* const o_sHexHashedPassphrase,
char* const o_sHexAuthenticationSecret )
{
// Purpose: same derivation as
// ComputeEntityHashedPassphraseAndAuthenticationSecret, but the iteration
// count is supplied by the caller (i_iAuthenticationHashIterationCount)
// instead of being chosen by timing. Returns false if the count is
// rejected or any HashBuffer call fails, true otherwise.
// compute same values as
// ComputeEntityHashedPassphraseAndAuthenticationSecret, except
// iteration count is fixed
// DEBUG-only entry trace (its #ifdef is missing here).
Log2 ("KMSAgent_LoadProfile::"
"ComputeFixedEntityHashedPassphraseAndAuthenticationSecret", "Entered");
#endif
// detect attempts to cause weak computation or DoS attack
// NOTE(review): the condition of this check is missing from the listing.
// Because the count is caller-controlled and directly drives the loop
// below, it should reject values below the fixed minimum and above the
// fixed maximum that the timed variant describes; confirm both bounds are
// enforced in the dropped line.
{
return false;
}
unsigned char aHashedPassphrase[HASH_LENGTH];
// NOTE(review): as in the timed variant, nothing visible initializes
// aHashedPassphrase when i_sPassphrase is empty -- confirm the dropped
// lines handle that case.
if ( strlen(i_sPassphrase) > 0 )
{
if ( !HashBuffer(
(unsigned char*)i_sPassphrase,
{
return false;
}
}
// Iterate the hash exactly i_iAuthenticationHashIterationCount times;
// HashBuffer arguments are missing from the listing.
int i;
for ( i = 0; i < i_iAuthenticationHashIterationCount; i++ )
{
if ( !HashBuffer(
{
return false;
}
}
// NOTE(review): the Log2 tag below names the timed variant rather than
// this function -- looks like a copy/paste leftover. Correcting the
// string is a behaviour change and belongs in a code edit, not in this
// documentation pass. Same DEBUG/#ifdef caveat as the other log calls.
"i_iAuth %x \n",
Log2("ComputeEntityHashedPassphraseAndAuthenticationSecret ",
outmsg);
#endif
return true;
}