1 /* 2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 7 /* 8 * Copyright (C) 1998 by the FundsXpress, INC. 9 * 10 * All rights reserved. 11 * 12 * Export of this software from the United States of America may require 13 * a specific license from the United States Government. It is the 14 * responsibility of any person or organization contemplating export to 15 * obtain such a license before exporting. 16 * 17 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 18 * distribute this software and its documentation for any purpose and 19 * without fee is hereby granted, provided that the above copyright 20 * notice appear in all copies and that both that copyright notice and 21 * this permission notice appear in supporting documentation, and that 22 * the name of FundsXpress. not be used in advertising or publicity pertaining 23 * to distribution of the software without specific, written prior 24 * permission. FundsXpress makes no representations about the suitability of 25 * this software for any purpose. It is provided "as is" without express 26 * or implied warranty. 27 * 28 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 29 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 30 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 31 */ 32 33 #include "k5-int.h" 34 #include "cksumtypes.h" 35 #include "etypes.h" 36 #include "dk.h" 37 38 krb5_error_code KRB5_CALLCONV 39 krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype, 40 const krb5_keyblock *key, krb5_keyusage usage, 41 const krb5_data *input, krb5_checksum *cksum) 42 { 43 int i, e1, e2; 44 krb5_data data; 45 krb5_error_code ret = 0; 46 size_t cksumlen; 47 48 KRB5_LOG0(KRB5_INFO, "krb5_c_make_checksum() start."); 49 50 for (i=0; i<krb5_cksumtypes_length; i++) { 51 if (krb5_cksumtypes_list[i].ctype == cksumtype) 52 break; 53 } 54 55 if (i == krb5_cksumtypes_length) 56 return(KRB5_BAD_ENCTYPE); 57 58 if (krb5_cksumtypes_list[i].keyhash) 59 cksumlen = krb5_cksumtypes_list[i].keyhash->hashsize; 60 else 61 cksumlen = krb5_cksumtypes_list[i].hash->hashsize; 62 63 #ifdef _KERNEL 64 context->kef_cksum_mt = krb5_cksumtypes_list[i].kef_cksum_mt; 65 #endif 66 cksum->length = cksumlen; 67 68 if ((cksum->contents = (krb5_octet *) MALLOC(cksum->length)) == NULL) 69 return(ENOMEM); 70 71 data.length = cksum->length; 72 data.data = (char *) cksum->contents; 73 74 if (krb5_cksumtypes_list[i].keyhash) { 75 /* check if key is compatible */ 76 77 if (krb5_cksumtypes_list[i].keyed_etype) { 78 for (e1=0; e1<krb5_enctypes_length; e1++) 79 if (krb5_enctypes_list[e1].etype == 80 krb5_cksumtypes_list[i].keyed_etype) 81 break; 82 83 for (e2=0; e2<krb5_enctypes_length; e2++) 84 if (krb5_enctypes_list[e2].etype == key->enctype) 85 break; 86 87 if ((e1 == krb5_enctypes_length) || 88 (e2 == krb5_enctypes_length) || 89 (krb5_enctypes_list[e1].enc != krb5_enctypes_list[e2].enc)) { 90 ret = KRB5_BAD_ENCTYPE; 91 goto cleanup; 92 } 93 } 94 #ifdef _KERNEL 95 context->kef_cipher_mt = krb5_enctypes_list[e1].kef_cipher_mt; 96 context->kef_hash_mt = krb5_enctypes_list[e1].kef_hash_mt; 97 if (key->kef_key.ck_data == NULL) { 98 if ((ret = init_key_kef(context->kef_cipher_mt, 99 (krb5_keyblock *)key))) 100 goto cleanup; 101 } 102 #else 103 if ((ret = init_key_uef(krb_ctx_hSession(context), (krb5_keyblock *)key))) 104 return (ret); 105 #endif /* _KERNEL */ 106 107 ret = (*(krb5_cksumtypes_list[i].keyhash->hash))(context, key, 108 usage, 0, input, &data); 109 } else if (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE) { 110 #ifdef _KERNEL 111 context->kef_cipher_mt = get_cipher_mech_type(context, 112 (krb5_keyblock *)key); 113 context->kef_hash_mt = get_hash_mech_type(context, 114 (krb5_keyblock *)key); 115 /* 116 * If the hash_mt is invalid, try using the cksum_mt 117 * because "hash" and "checksum" are overloaded terms 118 * in some places. 119 */ 120 if (context->kef_hash_mt == CRYPTO_MECH_INVALID) 121 context->kef_hash_mt = context->kef_cksum_mt; 122 #else 123 ret = init_key_uef(krb_ctx_hSession(context), (krb5_keyblock *)key); 124 if (ret) 125 return (ret); 126 #endif /* _KERNEL */ 127 ret = krb5_dk_make_checksum(context, 128 krb5_cksumtypes_list[i].hash, 129 key, usage, input, &data); 130 } else { 131 /* 132 * No key is used, hash and cksum are synonymous 133 * in this case 134 */ 135 #ifdef _KERNEL 136 context->kef_hash_mt = context->kef_cksum_mt; 137 #endif /* _KERNEL */ 138 ret = (*(krb5_cksumtypes_list[i].hash->hash))(context, 1, 139 input, &data); 140 } 141 142 if (!ret) { 143 cksum->magic = KV5M_CHECKSUM; 144 cksum->checksum_type = cksumtype; 145 if (krb5_cksumtypes_list[i].trunc_size) { 146 krb5_octet *trunc; 147 size_t old_len = cksum->length; 148 149 /* 150 * Solaris Kerberos: 151 * The Kernel does not like 'realloc' (which is what 152 * MIT code does here), so we do our own "realloc". 153 */ 154 cksum->length = krb5_cksumtypes_list[i].trunc_size; 155 trunc = (krb5_octet *) MALLOC(cksum->length); 156 if (trunc) { 157 (void) memcpy(trunc, cksum->contents, cksum->length); 158 FREE(cksum->contents, old_len); 159 cksum->contents = trunc; 160 } else { 161 ret = ENOMEM; 162 } 163 } 164 } 165 166 cleanup: 167 if (ret) { 168 (void) memset(cksum->contents, 0, cksum->length); 169 FREE(cksum->contents, cksum->length); 170 cksum->length = 0; 171 cksum->contents = NULL; 172 } 173 174 KRB5_LOG(KRB5_INFO, "krb5_c_make_checksum() end ret = %d\n", ret); 175 return(ret); 176 } 177
Indexes created Mon Nov 23 10:17:13 UTC 2009
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.