/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */

/*

 * Copyright (C) 1998 by the FundsXpress, INC.

 *

 * All rights reserved.

 *

 * Export of this software from the United States of America may require

 * a specific license from the United States Government.  It is the

 * responsibility of any person or organization contemplating export to

 * obtain such a license before exporting.

 *

 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and

 * distribute this software and its documentation for any purpose and

 * without fee is hereby granted, provided that the above copyright

 * notice appear in all copies and that both that copyright notice and

 * this permission notice appear in supporting documentation, and that

 * the name of FundsXpress. not be used in advertising or publicity pertaining

 * to distribution of the software without specific, written prior

 * permission.  FundsXpress makes no representations about the suitability of

 * this software for any purpose.  It is provided "as is" without express

 * or implied warranty.

 *

 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR

 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED

 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

 */

#include "crypto_int.h"

/*

 * Because our built-in HMAC implementation doesn't need to invoke any

 * encryption or keyed hash functions, it is simplest to define it in terms of

 * keyblocks, and then supply a simple wrapper for the "normal" krb5_key-using

 * interfaces.  The keyblock interfaces are useful for code which creates

 * intermediate keyblocks.

 */

/*

 * The HMAC transform looks like:

 *

 * H(K XOR opad, H(K XOR ipad, text))

 *

 * where H is a cryptographic hash

 * K is an n byte key

 * ipad is the byte 0x36 repeated blocksize times

 * opad is the byte 0x5c repeated blocksize times

 * and text is the data being protected

 */

krb5_error_code

krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,

                      const krb5_keyblock *keyblock,

                      const krb5_crypto_iov *data, size_t num_data,

                      krb5_data *output)

{

    unsigned char *xorkey = NULL, *ihash = NULL;

    unsigned int i;

    krb5_crypto_iov *ihash_iov = NULL, ohash_iov[2];

    krb5_data hashout;

    krb5_error_code ret;

    if (keyblock->length > hash->blocksize)

        return KRB5_CRYPTO_INTERNAL;

    if (output->length < hash->hashsize)

        return KRB5_BAD_MSIZE;

    /* Allocate space for the xor key, hash input vector, and inner hash */

    xorkey = k5alloc(hash->blocksize, &ret;;

    if (xorkey == NULL)

        goto cleanup;

    ihash = k5alloc(hash->hashsize, &ret;;

    if (ihash == NULL)

        goto cleanup;

    ihash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret;;

    if (ihash_iov == NULL)

        goto cleanup;

    /* Create the inner padded key. */

    memset(xorkey, 0x36, hash->blocksize);

    for (i = 0; i < keyblock->length; i++)

        xorkey[i] ^= keyblock->contents[i];

    /* Compute the inner hash over the inner key and input data. */

    ihash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;

    ihash_iov[0].data = make_data(xorkey, hash->blocksize);

    memcpy(ihash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));

    hashout = make_data(ihash, hash->hashsize);

    ret = hash->hash(ihash_iov, num_data + 1, &hashout);

    if (ret != 0)

        goto cleanup;

    /* Create the outer padded key. */

    memset(xorkey, 0x5c, hash->blocksize);

    for (i = 0; i < keyblock->length; i++)

        xorkey[i] ^= keyblock->contents[i];

    /* Compute the outer hash over the outer key and inner hash value. */

    ohash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;

    ohash_iov[0].data = make_data(xorkey, hash->blocksize);

    ohash_iov[1].flags = KRB5_CRYPTO_TYPE_DATA;

    ohash_iov[1].data = make_data(ihash, hash->hashsize);

    output->length = hash->hashsize;

    ret = hash->hash(ohash_iov, 2, output);

    if (ret != 0)

        memset(output->data, 0, output->length);

cleanup:

    zapfree(xorkey, hash->blocksize);

    zapfree(ihash, hash->hashsize);

    free(ihash_iov);

    return ret;

}

krb5_error_code

krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,

             const krb5_crypto_iov *data, size_t num_data,

             krb5_data *output)

{

    return krb5int_hmac_keyblock(hash, &key->keyblock, data, num_data, output);

}