make_checksum.c revision 505d05c73a6e56769f263d4803b22eddd168ee24
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Use is subject to license terms.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#pragma ident "%Z%%M% %I% %E% SMI"
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Copyright (C) 1998 by the FundsXpress, INC.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Export of this software from the United States of America may require
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * a specific license from the United States Government. It is the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * responsibility of any person or organization contemplating export to
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * obtain such a license before exporting.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * distribute this software and its documentation for any purpose and
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * without fee is hereby granted, provided that the above copyright
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * notice appear in all copies and that both that copyright notice and
f96bd5c800e73e351b0b6e4bd7f00b578dad29bbAlan Wright * this permission notice appear in supporting documentation, and that
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the name of FundsXpress. not be used in advertising or publicity pertaining
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * to distribution of the software without specific, written prior
b819cea2f73f98c5662230cc9affc8cc84f77fcfGordon Ross * permission. FundsXpress makes no representations about the suitability of
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * this software for any purpose. It is provided "as is" without express
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * or implied warranty.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
55bf511df53aad0fdb7eb3fa349f0308cc05234cas * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
55bf511df53aad0fdb7eb3fa349f0308cc05234cas#include <k5-int.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <cksumtypes.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <etypes.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <dk.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
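/*
 * krb5_c_make_checksum
 *
 * Compute a checksum of type `cksumtype' over `input' and store it in
 * `cksum'.
 *
 * The checksum type is looked up in krb5_cksumtypes_list and one of three
 * paths is taken:
 *   - keyed hash (entry has a keyhash): `key' is used directly, after
 *     checking that its enctype shares an encryption provider with the
 *     entry's keyed_etype (when that field is set);
 *   - derived-key checksum (KRB5_CKSUMFLAG_DERIVE): delegated to
 *     krb5_dk_make_checksum();
 *   - plain hash: no key is involved.
 *
 * On success cksum->contents is a buffer obtained from MALLOC holding
 * cksum->length bytes (cut down to trunc_size when the type defines one),
 * and magic/checksum_type are filled in.
 *
 * Returns 0 on success, KRB5_BAD_ENCTYPE for an unknown checksum type or an
 * incompatible key, ENOMEM on allocation failure, or whatever the
 * underlying hash / key-initialisation routine returned.  On every failure
 * that happens after the output buffer was allocated, the buffer is zeroed
 * and freed and cksum->contents / cksum->length are reset to NULL / 0, so
 * the caller never has to free anything on error.
 */
krb5_error_code KRB5_CALLCONV
krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
		     const krb5_keyblock *key, krb5_keyusage usage,
		     const krb5_data *input, krb5_checksum *cksum)
{
	int i, e1, e2;
	krb5_data data;
	krb5_error_code ret = 0;
	size_t cksumlen;

	KRB5_LOG0(KRB5_INFO, "krb5_c_make_checksum() start.");

	/* Locate the table entry for the requested checksum type. */
	for (i = 0; i < krb5_cksumtypes_length; i++) {
		if (krb5_cksumtypes_list[i].ctype == cksumtype)
			break;
	}

	if (i == krb5_cksumtypes_length)
		return(KRB5_BAD_ENCTYPE);

	/* A keyed hash takes precedence over the plain hash provider. */
	if (krb5_cksumtypes_list[i].keyhash)
		cksumlen = krb5_cksumtypes_list[i].keyhash->hashsize;
	else
		cksumlen = krb5_cksumtypes_list[i].hash->hashsize;

#ifdef _KERNEL
	context->kef_cksum_mt = krb5_cksumtypes_list[i].kef_cksum_mt;
#endif
	cksum->length = cksumlen;

	if ((cksum->contents = (krb5_octet *) MALLOC(cksum->length)) == NULL) {
		/* Keep length consistent with the NULL contents pointer. */
		cksum->length = 0;
		return(ENOMEM);
	}

	/* `data' aliases the output buffer; the hash routines write into it. */
	data.length = cksum->length;
	data.data = (char *) cksum->contents;

	if (krb5_cksumtypes_list[i].keyhash) {

		/* check if key is compatible */
		if (krb5_cksumtypes_list[i].keyed_etype) {
			for (e1 = 0; e1 < krb5_enctypes_length; e1++)
				if (krb5_enctypes_list[e1].etype ==
				    krb5_cksumtypes_list[i].keyed_etype)
					break;

			for (e2 = 0; e2 < krb5_enctypes_length; e2++)
				if (krb5_enctypes_list[e2].etype == key->enctype)
					break;

			if ((e1 == krb5_enctypes_length) ||
			    (e2 == krb5_enctypes_length) ||
			    (krb5_enctypes_list[e1].enc !=
			    krb5_enctypes_list[e2].enc)) {
				ret = KRB5_BAD_ENCTYPE;
				goto cleanup;
			}
		}
#ifdef _KERNEL
		/*
		 * NOTE(review): e1 is only assigned inside the keyed_etype
		 * block above.  For a keyhash entry whose keyed_etype is 0
		 * this indexes krb5_enctypes_list with an indeterminate
		 * value.  Presumably every keyhash entry in the kernel table
		 * sets keyed_etype -- confirm against cksumtypes.c.
		 */
		context->kef_cipher_mt = krb5_enctypes_list[e1].kef_cipher_mt;
		context->kef_hash_mt = krb5_enctypes_list[e1].kef_hash_mt;
		if (key->kef_key.ck_data == NULL) {
			if ((ret = init_key_kef(context->kef_cipher_mt,
			    (krb5_keyblock *)key)))
				goto cleanup;
		}
#else
		/*
		 * The output buffer is already allocated at this point, so a
		 * failure must go through cleanup rather than return
		 * directly; otherwise cksum->contents is leaked.
		 */
		if ((ret = init_key_uef(krb_ctx_hSession(context),
		    (krb5_keyblock *)key)))
			goto cleanup;
#endif /* _KERNEL */

		ret = (*(krb5_cksumtypes_list[i].keyhash->hash))(context, key,
		    usage, 0, input, &data);
	} else if (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE) {
#ifdef _KERNEL
		context->kef_cipher_mt = get_cipher_mech_type(context,
		    (krb5_keyblock *)key);
		context->kef_hash_mt = get_hash_mech_type(context,
		    (krb5_keyblock *)key);
		/*
		 * If the hash_mt is invalid, try using the cksum_mt
		 * because "hash" and "checksum" are overloaded terms
		 * in some places.
		 */
		if (context->kef_hash_mt == CRYPTO_MECH_INVALID)
			context->kef_hash_mt = context->kef_cksum_mt;
#else
		/* Same as above: free the output buffer on failure. */
		ret = init_key_uef(krb_ctx_hSession(context),
		    (krb5_keyblock *)key);
		if (ret)
			goto cleanup;
#endif /* _KERNEL */
		ret = krb5_dk_make_checksum(context,
		    krb5_cksumtypes_list[i].hash,
		    key, usage, input, &data);
	} else {
		/*
		 * No key is used, hash and cksum are synonymous
		 * in this case
		 */
#ifdef _KERNEL
		context->kef_hash_mt = context->kef_cksum_mt;
#endif /* _KERNEL */
		ret = (*(krb5_cksumtypes_list[i].hash->hash))(context, 1,
		    input, &data);
	}

	if (!ret) {
		cksum->magic = KV5M_CHECKSUM;
		cksum->checksum_type = cksumtype;
		if (krb5_cksumtypes_list[i].trunc_size) {
			krb5_octet *trunc;
			size_t old_len = cksum->length;
			size_t new_len = krb5_cksumtypes_list[i].trunc_size;

			/*
			 * Solaris Kerberos:
			 * The Kernel does not like 'realloc' (which is what
			 * MIT code does here), so we do our own "realloc".
			 *
			 * cksum->length is only updated once the new buffer
			 * exists.  If the allocation fails, the cleanup code
			 * below must wipe and FREE the original buffer with
			 * its original size, not with trunc_size.
			 *
			 * NOTE(review): assumes trunc_size <= hashsize for
			 * every table entry; a larger value would make the
			 * memcpy read past the end of the full-size buffer.
			 */
			trunc = (krb5_octet *) MALLOC(new_len);
			if (trunc) {
				(void) memcpy(trunc, cksum->contents, new_len);
				FREE(cksum->contents, old_len);
				cksum->contents = trunc;
				cksum->length = new_len;
			} else {
				ret = ENOMEM;
			}
		}
	}

cleanup:
	if (ret) {
		/* Do not hand partial or stale checksum bytes to the caller. */
		(void) memset(cksum->contents, 0, cksum->length);
		FREE(cksum->contents, cksum->length);
		cksum->length = 0;
		cksum->contents = NULL;
	}

	KRB5_LOG(KRB5_INFO, "krb5_c_make_checksum() end ret = %d\n", ret);
	return(ret);
}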
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw