--- /dev/null
+/*
+ * lib/crypto/cf2.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * Implement KRB_FX_CF2 function per
+ *draft-ietf-krb-wg-preauth-framework-09. Take two keys and two
+ *pepper strings as input and return a combined key.
+ */
+
+#include <k5-int.h>
+#include <assert.h>
+#include "etypes.h"
+
+
+/*
+ * Call the PRF function multiple times with the pepper prefixed with
+ * a count byte to get enough bits of output.
+ */
+static krb5_error_code
+prf_plus( krb5_context context, krb5_keyblock *k,const char *pepper,
+ size_t keybytes, char **out)
+{
+ krb5_error_code retval = 0;
+ size_t prflen, iterations;
+ krb5_data out_data;
+ krb5_data in_data;
+ char *buffer = NULL;
+ struct k5buf prf_inbuf;
+ krb5int_buf_init_dynamic(&prf_inbuf);
+ krb5int_buf_add_len( &prf_inbuf, "\001", 1);
+ krb5int_buf_add( &prf_inbuf, pepper);
+ retval = krb5_c_prf_length( context, k->enctype, &prflen);
+ if (retval != 0)
+ goto cleanup;
+ iterations = keybytes/prflen;
+ if ((keybytes%prflen) != 0)
+ iterations++;
+ assert(iterations <= 254);
+ buffer = malloc(iterations*prflen);
+ if (buffer == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ if (krb5int_buf_len( &prf_inbuf) == -1) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ in_data.length = (krb5_int32) krb5int_buf_len( &prf_inbuf);
+ in_data.data = krb5int_buf_data( &prf_inbuf);
+ out_data.length = prflen;
+ out_data.data = buffer;
+
+ while (iterations > 0) {
+ retval = krb5_c_prf( context, k, &in_data, &out_data);
+ if (retval != 0)
+ goto cleanup;
+ out_data.data += prflen;
+ in_data.data[0]++;
+ iterations--;
+ }
+ cleanup:
+ if (retval == 0 )
+ *out = buffer;
+ else{
+ if (buffer != NULL)
+ free(buffer);
+ }
+ krb5int_free_buf( &prf_inbuf);
+ return retval;
+}
+
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_fx_cf2_simple(krb5_context context,
+ krb5_keyblock *k1, const char *pepper1,
+ krb5_keyblock *k2, const char *pepper2,
+ krb5_keyblock **out)
+{
+ const struct krb5_keytypes *out_enctype;
+ size_t keybytes, keylength, i;
+ char *prf1 = NULL, *prf2 = NULL;
+ krb5_data keydata;
+ krb5_enctype out_enctype_num;
+ krb5_error_code retval = 0;
+ krb5_keyblock *out_key = NULL;
+
+
+ if (k1 == NULL ||!krb5_c_valid_enctype(k1->enctype))
+ return KRB5_BAD_ENCTYPE;
+ if (k2 == NULL || !krb5_c_valid_enctype(k2->enctype))
+ return KRB5_BAD_ENCTYPE;
+ out_enctype_num = k1->enctype;
+ assert(out != NULL);
+ assert ((out_enctype = find_enctype(out_enctype_num)) != NULL);
+ if (out_enctype->prf == NULL) {
+ if (context)
+ krb5int_set_error(&(context->err) , KRB5_CRYPTO_INTERNAL,
+ "Enctype %d has no PRF", out_enctype_num);
+ return KRB5_CRYPTO_INTERNAL;
+ }
+ keybytes = out_enctype->enc->keybytes;
+ keylength = out_enctype->enc->keylength;
+
+ retval = prf_plus( context, k1, pepper1, keybytes, &prf1);
+ if (retval != 0)
+ goto cleanup;
+ retval = prf_plus( context, k2, pepper2, keybytes, &prf2);
+ if (retval != 0)
+ goto cleanup;
+ for (i = 0; i < keybytes; i++)
+ prf1[i] ^= prf2[i];
+ zap(prf2, keybytes);
+ retval = krb5int_c_init_keyblock( context, out_enctype_num, keylength, &out_key);
+ if (retval != 0)
+ goto cleanup;
+ keydata.data = prf1;
+ keydata.length = keybytes;
+ retval = out_enctype->enc->make_key( &keydata, out_key);
+
+ cleanup:
+ if (retval == 0)
+ *out = out_key;
+ else krb5int_c_free_keyblock( context, out_key);
+ if (prf1 != NULL) {
+ zap(prf1, keybytes);
+ free(prf1);
+ }
+ if (prf2 != NULL)
+ free(prf2);
+ return retval;
+}
projects / krb5.git / commitdiff