2 * Copyright (C) 1998 by the FundsXpress, INC.
6 * Export of this software from the United States of America may require
7 * a specific license from the United States Government. It is the
8 * responsibility of any person or organization contemplating export to
9 * obtain such a license before exporting.
11 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12 * distribute this software and its documentation for any purpose and
13 * without fee is hereby granted, provided that the above copyright
14 * notice appear in all copies and that both that copyright notice and
15 * this permission notice appear in supporting documentation, and that
16 * the name of FundsXpress. not be used in advertising or publicity pertaining
17 * to distribution of the software without specific, written prior
18 * permission. FundsXpress makes no representations about the suitability of
19 * this software for any purpose. It is provided "as is" without express
20 * or implied warranty.
22 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
24 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
31 * the HMAC transform looks like:
33 * H(K XOR opad, H(K XOR ipad, text))
35 * where H is a cryptographic hash
37 * ipad is the byte 0x36 repeated blocksize times
38 * opad is the byte 0x5c repeated blocksize times
39 * and text is the data being protected
43 krb5_hmac(const struct krb5_hash_provider *hash, const krb5_keyblock *key,
44 unsigned int icount, const krb5_data *input, krb5_data *output)
46 size_t hashsize, blocksize;
47 unsigned char *xorkey, *ihash;
49 krb5_data *hashin, hashout;
52 hashsize = hash->hashsize;
53 blocksize = hash->blocksize;
55 if (key->length > blocksize)
56 return(KRB5_CRYPTO_INTERNAL);
57 if (output->length < hashsize)
58 return(KRB5_BAD_MSIZE);
59 /* if this isn't > 0, then there won't be enough space in this
60 array to compute the outer hash */
62 return(KRB5_CRYPTO_INTERNAL);
64 /* allocate space for the xor key, hash input vector, and inner hash */
66 if ((xorkey = (unsigned char *) malloc(blocksize)) == NULL)
68 if ((ihash = (unsigned char *) malloc(hashsize)) == NULL) {
72 if ((hashin = (krb5_data *)malloc(sizeof(krb5_data)*(icount+1))) == NULL) {
78 /* create the inner padded key */
80 memset(xorkey, 0x36, blocksize);
82 for (i=0; i<key->length; i++)
83 xorkey[i] ^= key->contents[i];
85 /* compute the inner hash */
87 for (i=0; i<icount; i++) {
88 hashin[0].length = blocksize;
89 hashin[0].data = (char *) xorkey;
90 hashin[i+1] = input[i];
93 hashout.length = hashsize;
94 hashout.data = (char *) ihash;
96 if ((ret = ((*(hash->hash))(icount+1, hashin, &hashout))))
99 /* create the outer padded key */
101 memset(xorkey, 0x5c, blocksize);
103 for (i=0; i<key->length; i++)
104 xorkey[i] ^= key->contents[i];
106 /* compute the outer hash */
108 hashin[0].length = blocksize;
109 hashin[0].data = (char *) xorkey;
112 output->length = hashsize;
114 if ((ret = ((*(hash->hash))(2, hashin, output))))
115 memset(output->data, 0, output->length);
117 /* ret is set correctly by the prior call */
120 memset(xorkey, 0, blocksize);
121 memset(ihash, 0, hashsize);
131 krb5_hmac_iov(const struct krb5_hash_provider *hash, const krb5_keyblock *key,
132 const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
134 krb5_data *sign_data;
135 size_t num_sign_data;
139 /* Create a checksum over all the data to be signed */
140 for (i = 0, num_sign_data = 0; i < num_data; i++) {
141 const krb5_crypto_iov *iov = &data[i];
146 /* XXX cleanup to avoid alloc */
147 sign_data = (krb5_data *)calloc(num_sign_data, sizeof(krb5_data));
148 if (sign_data == NULL)
151 for (i = 0, j = 0; i < num_data; i++) {
152 const krb5_crypto_iov *iov = &data[i];
155 sign_data[j++] = iov->data;
158 /* caller must store checksum in iov as it may be TYPE_TRAILER or TYPE_CHECKSUM */
159 ret = krb5_hmac(hash, key, num_sign_data, sign_data, output);