Add internal SHA-256 interface

Add a simple private libk5crypto interface for computing SHA-256
hashes.

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index d652b08686ddf85cade48ec63457669621b27911..6b36e9d255525422d63ffc713ef4b650ea428394 100644 (file)
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -623,6 +623,12 @@ krb5int_arcfour_gsscrypt(const krb5_keyblock *keyblock, krb5_keyusage usage,
                          const krb5_data *kd_data, krb5_crypto_iov *data,
                          size_t num_data);
 
+#define K5_SHA256_HASHLEN (256 / 8)
+
+/* Write the SHA-256 hash of in to out. */
+krb5_error_code
+k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN]);
+
 /*
  * Attempt to zero memory in a way that compilers won't optimize out.
  *

diff --git a/src/lib/crypto/builtin/sha2/sha256.c b/src/lib/crypto/builtin/sha2/sha256.c
index ec0aeba511e61e80a5b1b5cb0d289e722e0a23ed..e34bed575c5fc138d8d15f3369d4af7c08a797a8 100644 (file)
--- a/src/lib/crypto/builtin/sha2/sha256.c
+++ b/src/lib/crypto/builtin/sha2/sha256.c
@@ -255,3 +255,14 @@ k5_sha256_final(void *res, SHA256_CTX *m)
        }
     }
 }
+
+krb5_error_code
+k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN])
+{
+    SHA256_CTX ctx;
+
+    k5_sha256_init(&ctx);
+    k5_sha256_update(&ctx, in->data, in->length);
+    k5_sha256_final(out, &ctx);
+    return 0;
+}

diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h
index a12846ae36fc283775a2ca5be7d5995b46ddc570..e97c3cdd697f96112b740cc76a2586eb535aefa8 100644 (file)
--- a/src/lib/crypto/krb/crypto_int.h
+++ b/src/lib/crypto/krb/crypto_int.h
@@ -415,6 +415,8 @@ void k5_iov_cursor_put(struct iov_cursor *cursor, unsigned char *block);
 
 /*** Crypto module declarations ***/
 
+/* Modules must implement the k5_sha256() function prototyped in k5-int.h. */
+
 /* Modules must implement the following enc_providers and hash_providers: */
 extern const struct krb5_enc_provider krb5int_enc_des;
 extern const struct krb5_enc_provider krb5int_enc_des3;

diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports
index d0f0d293ab05c69a24d63e5d565953c6e3766c08..6ba1d6600470e407c374e7ed3e13cbeb4aea37a4 100644 (file)
--- a/src/lib/crypto/libk5crypto.exports
+++ b/src/lib/crypto/libk5crypto.exports
@@ -97,6 +97,7 @@ krb5int_enc_camellia256
 krb5int_derive_key
 krb5int_aes_enc_blk
 krb5int_aes_enc_key
+k5_sha256
 k5_sha256_final
 k5_sha256_init
 k5_sha256_update

diff --git a/src/lib/crypto/openssl/Makefile.in b/src/lib/crypto/openssl/Makefile.in
index c7bff2e9ac1fe8a7c22fc3d781cc9b1a7f24790d..8014639c347e5c8d058f2eda6819f8978c25139b 100644 (file)
--- a/src/lib/crypto/openssl/Makefile.in
+++ b/src/lib/crypto/openssl/Makefile.in
@@ -7,18 +7,21 @@ STLIBOBJS=\
        hmac.o  \
        init.o  \
        pbkdf2.o \
+       sha256.o \
        stubs.o
 
 OBJS=\
        $(OUTPRE)hmac.$(OBJEXT) \
        $(OUTPRE)init.$(OBJEXT) \
        $(OUTPRE)pbkdf2.$(OBJEXT) \
+       $(OUTPRE)sha256.$(OBJEXT) \
        $(OUTPRE)stubs.$(OBJEXT)
 
 SRCS=\
        $(srcdir)/hmac.c        \
        $(srcdir)/init.c        \
        $(srcdir)/pbkdf2.c      \
+       $(srcdir)/sha256.c      \
        $(srcdir)/stubs.c
 
 STOBJLISTS= des/OBJS.ST md4/OBJS.ST    \

diff --git a/src/lib/crypto/openssl/sha256.c b/src/lib/crypto/openssl/sha256.c
new file mode 100644 (file)
index 0000000..395433f
--- /dev/null
+++ b/src/lib/crypto/openssl/sha256.c
@@ -0,0 +1,48 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/sha256.c - k5_sha256() implementation */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+#include <openssl/evp.h>
+
+krb5_error_code
+k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN])
+{
+    EVP_MD_CTX ctx;
+    int ok;
+
+    EVP_MD_CTX_init(&ctx);
+    ok = EVP_DigestInit_ex(&ctx, EVP_sha256(), NULL);
+    ok = ok && EVP_DigestUpdate(&ctx, in->data, in->length);
+    ok = ok && EVP_DigestFinal_ex(&ctx, out, NULL);
+    EVP_MD_CTX_cleanup(&ctx);
+    return ok ? 0 : ENOMEM;
+}