/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */

/* lib/crypto/openssl/hmac.c */

/*

 * Copyright (C) 2009 by the Massachusetts Institute of Technology.

 * All rights reserved.

 *

 * Export of this software from the United States of America may

 *   require a specific license from the United States Government.

 *   It is the responsibility of any person or organization contemplating

 *   export to obtain such a license before exporting.

 *

 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and

 * distribute this software and its documentation for any purpose and

 * without fee is hereby granted, provided that the above copyright

 * notice appear in all copies and that both that copyright notice and

 * this permission notice appear in supporting documentation, and that

 * the name of M.I.T. not be used in advertising or publicity pertaining

 * to distribution of the software without specific, written prior

 * permission.  Furthermore if you modify this software you must label

 * your software as modified software and not distribute it in such a

 * fashion that it might be confused with the original M.I.T. software.

 * M.I.T. makes no representations about the suitability of

 * this software for any purpose.  It is provided "as is" without express

 * or implied warranty.

 */

/*

 * Copyright (C) 1998 by the FundsXpress, INC.

 *

 * All rights reserved.

 *

 * Export of this software from the United States of America may require

 * a specific license from the United States Government.  It is the

 * responsibility of any person or organization contemplating export to

 * obtain such a license before exporting.

 *

 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and

 * distribute this software and its documentation for any purpose and

 * without fee is hereby granted, provided that the above copyright

 * notice appear in all copies and that both that copyright notice and

 * this permission notice appear in supporting documentation, and that

 * the name of FundsXpress. not be used in advertising or publicity pertaining

 * to distribution of the software without specific, written prior

 * permission.  FundsXpress makes no representations about the suitability of

 * this software for any purpose.  It is provided "as is" without express

 * or implied warranty.

 *

 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR

 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED

 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

 */

#include "crypto_int.h"

#include <openssl/hmac.h>

#include <openssl/evp.h>

#if OPENSSL_VERSION_NUMBER < 0x10100000L

/* OpenSSL 1.1 makes HMAC_CTX opaque, while 1.0 does not have pointer

 * constructors or destructors. */

#define HMAC_CTX_new compat_hmac_ctx_new

static HMAC_CTX *

compat_hmac_ctx_new()

{

    HMAC_CTX *ctx;

    ctx = calloc(1, sizeof(*ctx));

    if (ctx != NULL)

        HMAC_CTX_init(ctx);

    return ctx;

}

#define HMAC_CTX_free compat_hmac_ctx_free

static void

compat_hmac_ctx_free(HMAC_CTX *ctx)

{

    HMAC_CTX_cleanup(ctx);

    free(ctx);

}

#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */

/*

 * the HMAC transform looks like:

 *

 * H(K XOR opad, H(K XOR ipad, text))

 *

 * where H is a cryptographic hash

 * K is an n byte key

 * ipad is the byte 0x36 repeated blocksize times

 * opad is the byte 0x5c repeated blocksize times

 * and text is the data being protected

 */

static const EVP_MD *

map_digest(const struct krb5_hash_provider *hash)

{

    if (!strncmp(hash->hash_name, "SHA1",4))

        return EVP_sha1();

    else if (!strncmp(hash->hash_name, "SHA-256",7))

        return EVP_sha256();

    else if (!strncmp(hash->hash_name, "SHA-384",7))

        return EVP_sha384();

    else if (!strncmp(hash->hash_name, "MD5", 3))

        return EVP_md5();

    else if (!strncmp(hash->hash_name, "MD4", 3))

        return EVP_md4();

    else

        return NULL;

}

krb5_error_code

krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,

                      const krb5_keyblock *keyblock,

                      const krb5_crypto_iov *data, size_t num_data,

                      krb5_data *output)

{

    unsigned int i = 0, md_len = 0, ok;

    unsigned char md[EVP_MAX_MD_SIZE];

    HMAC_CTX *ctx;

    size_t hashsize, blocksize;

    hashsize = hash->hashsize;

    blocksize = hash->blocksize;

    if (keyblock->length > blocksize)

        return(KRB5_CRYPTO_INTERNAL);

    if (output->length < hashsize)

        return(KRB5_BAD_MSIZE);

    if (!map_digest(hash))

        return(KRB5_CRYPTO_INTERNAL); // unsupported alg

    ctx = HMAC_CTX_new();

    if (ctx == NULL)

        return ENOMEM;

    ok = HMAC_Init_ex(ctx, keyblock->contents, keyblock->length,

                      map_digest(hash), NULL);

    for (i = 0; ok && i < num_data; i++) {

        const krb5_crypto_iov *iov = &data[i];

        if (SIGN_IOV(iov))

            ok = HMAC_Update(ctx, (uint8_t *)iov->data.data, iov->data.length);

    }

    if (ok)

        ok = HMAC_Final(ctx, md, &md_len);

    if (ok && md_len <= output->length) {

        output->length = md_len;

        memcpy(output->data, md, output->length);

    }

    HMAC_CTX_free(ctx);

    return ok ? 0 : KRB5_CRYPTO_INTERNAL;

}

krb5_error_code

krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,

             const krb5_crypto_iov *data, size_t num_data,

             krb5_data *output)

{

    return krb5int_hmac_keyblock(hash, &key->keyblock, data, num_data, output);

}