From e4c9d25796119725eeec8998a158bc78f3e0e3f1 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 12 Jan 2016 12:46:03 -0500
Subject: [PATCH] Add internal SHA-256 interface

Add a simple private libk5crypto interface for computing SHA-256
hashes.
---
 src/include/k5-int.h                 |  6 ++++
 src/lib/crypto/builtin/sha2/sha256.c | 11 +++++++
 src/lib/crypto/krb/crypto_int.h      |  2 ++
 src/lib/crypto/libk5crypto.exports   |  1 +
 src/lib/crypto/openssl/Makefile.in   |  3 ++
 src/lib/crypto/openssl/sha256.c      | 48 ++++++++++++++++++++++++++++
 6 files changed, 71 insertions(+)
 create mode 100644 src/lib/crypto/openssl/sha256.c

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index d652b08686..6b36e9d255 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -623,6 +623,12 @@ krb5int_arcfour_gsscrypt(const krb5_keyblock *keyblock, krb5_keyusage usage,
                          const krb5_data *kd_data, krb5_crypto_iov *data,
                          size_t num_data);
 
+#define K5_SHA256_HASHLEN (256 / 8)
+
+/* Write the SHA-256 hash of in to out. */
+krb5_error_code
+k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN]);
+
 /*
  * Attempt to zero memory in a way that compilers won't optimize out.
  *
diff --git a/src/lib/crypto/builtin/sha2/sha256.c b/src/lib/crypto/builtin/sha2/sha256.c
index ec0aeba511..e34bed575c 100644
--- a/src/lib/crypto/builtin/sha2/sha256.c
+++ b/src/lib/crypto/builtin/sha2/sha256.c
@@ -255,3 +255,14 @@ k5_sha256_final(void *res, SHA256_CTX *m)
 	}
     }
 }
+
+krb5_error_code
+k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN])
+{
+    SHA256_CTX ctx;
+
+    k5_sha256_init(&ctx);
+    k5_sha256_update(&ctx, in->data, in->length);
+    k5_sha256_final(out, &ctx);
+    return 0;
+}
diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h
index a12846ae36..e97c3cdd69 100644
--- a/src/lib/crypto/krb/crypto_int.h
+++ b/src/lib/crypto/krb/crypto_int.h
@@ -415,6 +415,8 @@ void k5_iov_cursor_put(struct iov_cursor *cursor, unsigned char *block);
 
 /*** Crypto module declarations ***/
 
+/* Modules must implement the k5_sha256() function prototyped in k5-int.h. */
+
 /* Modules must implement the following enc_providers and hash_providers: */
 extern const struct krb5_enc_provider krb5int_enc_des;
 extern const struct krb5_enc_provider krb5int_enc_des3;
diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports
index d0f0d293ab..6ba1d66004 100644
--- a/src/lib/crypto/libk5crypto.exports
+++ b/src/lib/crypto/libk5crypto.exports
@@ -97,6 +97,7 @@ krb5int_enc_camellia256
 krb5int_derive_key
 krb5int_aes_enc_blk
 krb5int_aes_enc_key
+k5_sha256
 k5_sha256_final
 k5_sha256_init
 k5_sha256_update
diff --git a/src/lib/crypto/openssl/Makefile.in b/src/lib/crypto/openssl/Makefile.in
index c7bff2e9ac..8014639c34 100644
--- a/src/lib/crypto/openssl/Makefile.in
+++ b/src/lib/crypto/openssl/Makefile.in
@@ -7,18 +7,21 @@ STLIBOBJS=\
 	hmac.o	\
 	init.o	\
 	pbkdf2.o \
+	sha256.o \
 	stubs.o
 
 OBJS=\
 	$(OUTPRE)hmac.$(OBJEXT)	\
 	$(OUTPRE)init.$(OBJEXT)	\
 	$(OUTPRE)pbkdf2.$(OBJEXT) \
+	$(OUTPRE)sha256.$(OBJEXT) \
 	$(OUTPRE)stubs.$(OBJEXT)
 
 SRCS=\
 	$(srcdir)/hmac.c	\
 	$(srcdir)/init.c	\
 	$(srcdir)/pbkdf2.c	\
+	$(srcdir)/sha256.c	\
 	$(srcdir)/stubs.c
 
 STOBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
diff --git a/src/lib/crypto/openssl/sha256.c b/src/lib/crypto/openssl/sha256.c
new file mode 100644
index 0000000000..395433f0e0
--- /dev/null
+++ b/src/lib/crypto/openssl/sha256.c
@@ -0,0 +1,48 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/sha256.c - k5_sha256() implementation */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+#include <openssl/evp.h>
+
+krb5_error_code
+k5_sha256(const krb5_data *in, uint8_t out[K5_SHA256_HASHLEN])
+{
+    EVP_MD_CTX ctx;
+    int ok;
+
+    EVP_MD_CTX_init(&ctx);
+    ok = EVP_DigestInit_ex(&ctx, EVP_sha256(), NULL);
+    ok = ok && EVP_DigestUpdate(&ctx, in->data, in->length);
+    ok = ok && EVP_DigestFinal_ex(&ctx, out, NULL);
+    EVP_MD_CTX_cleanup(&ctx);
+    return ok ? 0 : ENOMEM;
+}
-- 
2.47.2